1 /********************************************************************************/ 2 /* */ 3 /* TPM 1.2 Structures */ 4 /* Written by Ken Goldman */ 5 /* IBM Thomas J. Watson Research Center */ 6 /* */ 7 /* (c) Copyright IBM Corporation 2018. */ 8 /* */ 9 /* All rights reserved. */ 10 /* */ 11 /* Redistribution and use in source and binary forms, with or without */ 12 /* modification, are permitted provided that the following conditions are */ 13 /* met: */ 14 /* */ 15 /* Redistributions of source code must retain the above copyright notice, */ 16 /* this list of conditions and the following disclaimer. */ 17 /* */ 18 /* Redistributions in binary form must reproduce the above copyright */ 19 /* notice, this list of conditions and the following disclaimer in the */ 20 /* documentation and/or other materials provided with the distribution. */ 21 /* */ 22 /* Neither the names of the IBM Corporation nor the names of its */ 23 /* contributors may be used to endorse or promote products derived from */ 24 /* this software without specific prior written permission. */ 25 /* */ 26 /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 27 /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 28 /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 29 /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 30 /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 31 /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 32 /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 33 /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 34 /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 35 /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 36 /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 37 /********************************************************************************/ 38 39 #ifndef TPMSTRUCTURES12_H 40 #define TPMSTRUCTURES12_H 41 42 #include <limits.h> 43 #include "tpmconstants12.h" 44 #include "tpmtypes12.h" 45 46 /* Sanity check on build macros are centralized here, since any TPM will use this header */ 47 48 #if !defined (TPM_POSIX) && !defined (TPM_WINDOWS) && !defined(TPM_SKIBOOT) 49 #error "Must define either TPM_POSIX TPM_SKIBOOT or TPM_WINDOWS" 50 #endif 51 52 #define TPM_REVISION_MAX 9999 53 #ifndef TPM_REVISION 54 #define TPM_REVISION TPM_REVISION_MAX 55 #endif 56 57 /* 5.1 TPM_STRUCT_VER rev 100 58 59 This indicates the version of the structure or TPM. 60 61 Version 1.2 deprecates the use of this structure in all other structures. The structure is not 62 deprecated as many of the structures that contain this structure are not deprecated. 63 */ 64 65 typedef struct tdTPM_STRUCT_VER { 66 BYTE major; /* This SHALL indicate the major version of the structure. MUST be 0x01 */ 67 BYTE minor; /* This SHALL indicate the minor version of the structure. MUST be 0x01 */ 68 BYTE revMajor; /* This MUST be 0x00 on output, ignored on input */ 69 BYTE revMinor; /* This MUST be 0x00 on output, ignored on input */ 70 } TPM_STRUCT_VER; 71 72 /* 5.2 TPM_VERSION_BYTE rev 87 73 74 Allocating a byte for the version information is wasteful of space. The current allocation does 75 not provide sufficient resolution to indicate completely the version of the TPM. To allow for 76 backwards compatibility the size of the structure does not change from 1.1. 77 78 To enable minor version, or revision, numbers with 2-digit resolution, the byte representing a 79 version splits into two BDC encoded nibbles. The ordering of the low and high order provides 80 backwards compatibility with existing numbering. 81 82 An example of an implementation of this is; a version of 1.23 would have the value 2 in bit 83 positions 3-0 and the value 3 in bit positions 7-4. 84 85 TPM_VERSION_BYTE is a byte. The byte is broken up according to the following rule 86 87 7-4 leastSigVer Least significant nibble of the minor version. MUST be values within the range of 88 0000-1001 89 3-0 mostSigVer Most significant nibble of the minor version. MUST be values within the range of 90 0000-1001 91 */ 92 93 /* 5.3 TPM_VERSION rev 116 94 95 This structure provides information relative the version of the TPM. This structure should only 96 be in use by TPM_GetCapability to provide the information relative to the TPM. 97 */ 98 99 typedef struct tdTPM_VERSION { 100 TPM_VERSION_BYTE major; /* This SHALL indicate the major version of the TPM, mostSigVer MUST 101 be 0x1, leastSigVer MUST be 0x0 */ 102 TPM_VERSION_BYTE minor; /* This SHALL indicate the minor version of the TPM, mostSigVer MUST 103 be 0x1 or 0x2, leastSigVer MUST be 0x0 */ 104 BYTE revMajor; /* This SHALL be the value of the TPM_PERMANENT_DATA -> revMajor */ 105 BYTE revMinor; /* This SHALL be the value of the TPM_PERMANENT_DATA -> revMinor */ 106 } TPM_VERSION; 107 108 /* 5.4 TPM_DIGEST rev 111 109 110 The digest value reports the result of a hash operation. 111 112 In version 1 the hash algorithm is SHA-1 with a resulting hash result being 20 bytes or 160 bits. 113 114 It is understood that algorithm agility is lost due to fixing the hash at 20 bytes and on 115 SHA-1. The reason for fixing is due to the internal use of the digest. It is the authorization 116 values, it provides the secrets for the HMAC and the size of 20 bytes determines the values that 117 can be stored and encrypted. For this reason, the size is fixed and any changes to this value 118 require a new version of the specification. 119 120 The digestSize parameter MUST indicate the block size of the algorithm and MUST be 20 or greater. 121 122 For all TPM v1 hash operations, the hash algorithm MUST be SHA-1 and the digestSize parameter is 123 therefore equal to 20. 124 */ 125 126 #define TPM_DIGEST_SIZE 20 127 typedef BYTE TPM_DIGEST[TPM_DIGEST_SIZE]; 128 129 /* Redefinitions */ 130 131 typedef TPM_DIGEST TPM_CHOSENID_HASH; /* This SHALL be the digest of the chosen identityLabel and 132 privacyCA for a new TPM identity.*/ 133 134 typedef TPM_DIGEST TPM_COMPOSITE_HASH; /* This SHALL be the hash of a list of PCR indexes and PCR 135 values that a key or data is bound to. */ 136 137 typedef TPM_DIGEST TPM_DIRVALUE; /* This SHALL be the value of a DIR register */ 138 139 typedef TPM_DIGEST TPM_HMAC; /* This shall be the output of the HMAC algorithm */ 140 141 typedef TPM_DIGEST TPM_PCRVALUE; /* The value inside of the PCR */ 142 143 typedef TPM_DIGEST TPM_AUDITDIGEST; /* This SHALL be the value of the current internal audit 144 state */ 145 146 /* 5.5 TPM_NONCE rev 99 147 148 A nonce is a random value that provides protection from replay and other attacks. Many of the 149 commands and protocols in the specification require a nonce. This structure provides a consistent 150 view of what a nonce is. 151 */ 152 153 #define TPM_NONCE_SIZE 20 154 typedef BYTE TPM_NONCE[TPM_NONCE_SIZE]; 155 156 typedef TPM_NONCE TPM_DAA_TPM_SEED; /* This SHALL be a random value generated by a TPM 157 immediately after the EK is installed in that TPM, 158 whenever an EK is installed in that TPM */ 159 typedef TPM_NONCE TPM_DAA_CONTEXT_SEED; /* This SHALL be a random value */ 160 161 /* 5.6 TPM_AUTHDATA rev 87 162 163 The authorization data is the information that is saved or passed to provide proof of ownership 164 of an entity. For version 1 this area is always 20 bytes. 165 */ 166 167 #define TPM_AUTHDATA_SIZE 20 168 typedef BYTE TPM_AUTHDATA[TPM_AUTHDATA_SIZE]; 169 170 #define TPM_SECRET_SIZE 20 171 typedef BYTE TPM_SECRET[TPM_SECRET_SIZE]; 172 173 typedef TPM_AUTHDATA TPM_ENCAUTH; /* A cipher text (encrypted) version of authorization data. The 174 encryption mechanism depends on the context. */ 175 176 #if 0 /* FIXME */ 177 /* 5.11 TPM_CHANGEAUTH_VALIDATE rev 87 178 179 This structure provides an area that will stores the new authorization data and the challenger's 180 nonce. 181 */ 182 183 typedef struct tdTPM_CHANGEAUTH_VALIDATE { 184 TPM_SECRET newAuthSecret; /* This SHALL be the new authorization data for the target entity */ 185 TPM_NONCE n1; /* This SHOULD be a nonce, to enable the caller to verify that the 186 target TPM is on-line. */ 187 } TPM_CHANGEAUTH_VALIDATE; 188 189 #endif 190 191 192 /* PCR */ 193 194 /* NOTE: The TPM requires and the code assumes a multiple of CHAR_BIT (8). 48 registers (6 bytes) 195 may be a bad number, as it makes TPM_PCR_INFO and TPM_PCR_INFO_LONG indistinguishable in the 196 first two bytes. */ 197 198 #define TPM_NUM_PCR 24 /* Use PC Client specification values */ 199 200 #if (CHAR_BIT != 8) 201 #error "CHAR_BIT must be 8" 202 #endif 203 204 #if ((TPM_NUM_PCR % 8) != 0) 205 #error "TPM_NUM_PCR must be a multiple of 8" 206 #endif 207 208 #define TPM_DEBUG_PCR 16 209 210 /* 8.1 TPM_PCR_SELECTION rev 110 211 212 This structure provides a standard method of specifying a list of PCR registers. 213 */ 214 215 typedef struct tdTPM_PCR_SELECTION { 216 uint16_t sizeOfSelect; /* The size in bytes of the pcrSelect structure */ 217 BYTE pcrSelect[TPM_NUM_PCR/CHAR_BIT]; /* This SHALL be a bit map that indicates if a PCR 218 is active or not */ 219 } TPM_PCR_SELECTION; 220 221 #if 0 222 /* 8.2 TPM_PCR_COMPOSITE rev 97 223 224 The composite structure provides the index and value of the PCR register to be used when creating 225 the value that SEALS an entity to the composite. 226 */ 227 228 typedef struct tdTPM_PCR_COMPOSITE { 229 TPM_PCR_SELECTION select; /* This SHALL be the indication of which PCR values are active */ 230 #if 0 231 uint32_t valueSize; /* This SHALL be the size of the pcrValue field (not the number of 232 PCR's) */ 233 TPM_PCRVALUE *pcrValue; /* This SHALL be an array of TPM_PCRVALUE structures. The values 234 come in the order specified by the select parameter and are 235 concatenated into a single blob */ 236 #endif 237 TPM_SIZED_BUFFER pcrValue; 238 } TPM_PCR_COMPOSITE; 239 240 /* 8.3 TPM_PCR_INFO rev 87 241 242 The TPM_PCR_INFO structure contains the information related to the wrapping of a key or the 243 sealing of data, to a set of PCRs. 244 */ 245 246 typedef struct tdTPM_PCR_INFO { 247 TPM_PCR_SELECTION pcrSelection; /* This SHALL be the selection of PCRs to which the 248 data or key is bound. */ 249 TPM_COMPOSITE_HASH digestAtRelease; /* This SHALL be the digest of the PCR indices and 250 PCR values to verify when revealing Sealed Data 251 or using a key that was wrapped to PCRs. NOTE: 252 This is passed in by the host, and used as 253 authorization to use the key */ 254 TPM_COMPOSITE_HASH digestAtCreation; /* This SHALL be the composite digest value of the 255 PCR values, at the time when the sealing is 256 performed. NOTE: This is generated at key 257 creation, but is just informative to the host, 258 not used for authorization */ 259 } TPM_PCR_INFO; 260 261 #endif 262 263 /* 8.6 TPM_LOCALITY_SELECTION rev 87 264 265 When used with localityAtCreation only one bit is set and it corresponds to the locality of the 266 command creating the structure. 267 268 When used with localityAtRelease the bits indicate which localities CAN perform the release. 269 */ 270 271 typedef BYTE TPM_LOCALITY_SELECTION; 272 273 #define TPM_LOC_FOUR 0x10 /* Locality 4 */ 274 #define TPM_LOC_THREE 0x08 /* Locality 3 */ 275 #define TPM_LOC_TWO 0x04 /* Locality 2 */ 276 #define TPM_LOC_ONE 0x02 /* Locality 1 */ 277 #define TPM_LOC_ZERO 0x01 /* Locality 0. This is the same as the legacy interface. */ 278 279 #define TPM_LOC_ALL 0x1f /* kgold - added all localities */ 280 #define TPM_LOC_MAX 4 /* kgold - maximum value for TPM_MODIFIER_INDICATOR */ 281 282 /* 8.4 TPM_PCR_INFO_LONG rev 109 283 284 The TPM_PCR_INFO structure contains the information related to the wrapping of a key or the 285 sealing of data, to a set of PCRs. 286 287 The LONG version includes information necessary to properly define the configuration that creates 288 the blob using the PCR selection. 289 */ 290 291 /* Marshaled TPM_PCR_INFO_LONG */ 292 293 typedef struct tdTPM_PCR_INFO_LONG { 294 TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_PCR_INFO_LONG */ 295 TPM_LOCALITY_SELECTION localityAtCreation; /* This SHALL be the locality modifier of the 296 function that creates the PCR info structure */ 297 TPM_LOCALITY_SELECTION localityAtRelease; /* This SHALL be the locality modifier required to 298 reveal Sealed Data or use a key that was wrapped 299 to PCRs */ 300 TPM_PCR_SELECTION creationPCRSelection; /* This SHALL be the selection of PCRs active when 301 the blob is created */ 302 TPM_PCR_SELECTION releasePCRSelection; /* This SHALL be the selection of PCRs to which the 303 data or key is bound. */ 304 TPM_COMPOSITE_HASH digestAtCreation; /* This SHALL be the composite digest value of the 305 PCR values, at the time when the sealing is 306 performed. */ 307 TPM_COMPOSITE_HASH digestAtRelease; /* This SHALL be the digest of the PCR indices and 308 PCR values to verify when revealing Sealed Data 309 or using a key that was wrapped to PCRs. */ 310 } TPM_PCR_INFO_LONG; 311 312 #if 0 313 typedef struct { 314 UINT32 PCRInfoSize; 315 TPM_PCR_INFO_LONG PCRInfo; 316 } TPM4B_TPM_PCR_INFO_LONG; 317 318 #endif 319 320 /* 8.5 TPM_PCR_INFO_SHORT rev 87 321 322 This structure is for defining a digest at release when the only information that is necessary is 323 the release configuration. 324 */ 325 326 typedef struct tdTPM_PCR_INFO_SHORT { 327 TPM_PCR_SELECTION pcrSelection; /* This SHALL be the selection of PCRs that specifies the 328 digestAtRelease */ 329 TPM_LOCALITY_SELECTION localityAtRelease; /* This SHALL be the locality modifier required to 330 release the information. This value must not be 331 zero (0). */ 332 TPM_COMPOSITE_HASH digestAtRelease; /* This SHALL be the digest of the PCR indices and 333 PCR values to verify when revealing auth data */ 334 } TPM_PCR_INFO_SHORT; 335 336 #if 0 337 /* 8.8 TPM_PCR_ATTRIBUTES rev 107 338 339 These attributes are available on a per PCR basis. 340 341 The TPM is not required to maintain this structure internally to the TPM. 342 343 When a challenger evaluates a PCR an understanding of this structure is vital to the proper 344 understanding of the platform configuration. As this structure is static for all platforms of the 345 same type the structure does not need to be reported with each quote. 346 */ 347 348 typedef struct tdTPM_PCR_ATTRIBUTES { 349 TPM_BOOL pcrReset; /* A value of TRUE SHALL indicate that the PCR register can be reset 350 using the TPM_PCR_RESET command. */ 351 TPM_LOCALITY_SELECTION pcrExtendLocal; /* An indication of which localities can perform 352 extends on the PCR. */ 353 TPM_LOCALITY_SELECTION pcrResetLocal; /* An indication of which localities can reset the 354 PCR */ 355 } TPM_PCR_ATTRIBUTES; 356 357 /* 358 9. Storage Structures 359 */ 360 361 /* 9.1 TPM_STORED_DATA rev 87 362 363 The definition of this structure is necessary to ensure the enforcement of security properties. 364 365 This structure is in use by the TPM_Seal and TPM_Unseal commands to identify the PCR index and 366 values that must be present to properly unseal the data. 367 368 This structure only provides 1.1 data store and uses PCR_INFO 369 370 1. This structure is created during the TPM_Seal process. The confidential data is encrypted 371 using a nonmigratable key. When the TPM_Unseal decrypts this structure the TPM_Unseal uses the 372 public information in the structure to validate the current configuration and release the 373 decrypted data 374 375 2. When sealInfoSize is not 0 sealInfo MUST be TPM_PCR_INFO 376 */ 377 378 typedef struct tdTPM_STORED_DATA { 379 TPM_STRUCT_VER ver; /* This MUST be 1.1.0.0 */ 380 TPM_SIZED_BUFFER sealInfo; 381 #if 0 382 uint32_t sealInfoSize; /* Size of the sealInfo parameter */ 383 BYTE* sealInfo; /* This SHALL be a structure of type TPM_PCR_INFO or a 0 length 384 array if the data is not bound to PCRs. */ 385 #endif 386 TPM_SIZED_BUFFER encData; 387 #if 0 388 uint32_t encDataSize; /* This SHALL be the size of the encData parameter */ 389 BYTE* encData; /* This shall be an encrypted TPM_SEALED_DATA structure containing 390 the confidential part of the data. */ 391 #endif 392 /* NOTE: kgold - Added this structure, a cache of PCRInfo when not NULL */ 393 TPM_PCR_INFO *tpm_seal_info; 394 } TPM_STORED_DATA; 395 396 397 /* 9.2 TPM_STORED_DATA12 rev 101 398 399 The definition of this structure is necessary to ensure the enforcement of security properties. 400 This structure is in use by the TPM_Seal and TPM_Unseal commands to identify the PCR index and 401 values that must be present to properly unseal the data. 402 403 1. This structure is created during the TPM_Seal process. The confidential data is encrypted 404 using a nonmigratable key. When the TPM_Unseal decrypts this structure the TPM_Unseal uses the 405 public information in the structure to validate the current configuration and release the 406 decrypted data. 407 408 2. If sealInfoSize is not 0 then sealInfo MUST be TPM_PCR_INFO_LONG 409 */ 410 411 typedef struct tdTPM_STORED_DATA12 { 412 TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_STORED_DATA12 */ 413 TPM_ENTITY_TYPE et; /* The type of blob */ 414 TPM_SIZED_BUFFER sealInfo; 415 #if 0 416 uint32_t sealInfoSize; /* Size of the sealInfo parameter */ 417 BYTE* sealInfo; /* This SHALL be a structure of type TPM_PCR_INFO_LONG or a 0 length 418 array if the data is not bound to PCRs. */ 419 #endif 420 TPM_SIZED_BUFFER encData; 421 #if 0 422 uint32_t encDataSize; /* This SHALL be the size of the encData parameter */ 423 BYTE* encData; /* This shall be an encrypted TPM_SEALED_DATA structure containing 424 the confidential part of the data. */ 425 #endif 426 /* NOTE: kgold - Added this structure, a cache of PCRInfo when not NULL */ 427 TPM_PCR_INFO_LONG *tpm_seal_info_long; 428 } TPM_STORED_DATA12; 429 430 /* 9.3 TPM_SEALED_DATA rev 87 431 432 This structure contains confidential information related to sealed data, including the data 433 itself. 434 435 1. To tie the TPM_STORED_DATA structure to the TPM_SEALED_DATA structure this structure contains 436 a digest of the containing TPM_STORED_DATA structure. 437 438 2. The digest calculation does not include the encDataSize and encData parameters. 439 */ 440 441 typedef struct tdTPM_SEALED_DATA { 442 TPM_PAYLOAD_TYPE payload; /* This SHALL indicate the payload type of TPM_PT_SEAL */ 443 TPM_SECRET authData; /* This SHALL be the authorization data for this value */ 444 TPM_SECRET tpmProof; /* This SHALL be a copy of TPM_PERMANENT_FLAGS -> tpmProof */ 445 TPM_DIGEST storedDigest; /* This SHALL be a digest of the TPM_STORED_DATA structure, 446 excluding the fields TPM_STORED_DATA -> encDataSize and 447 TPM_STORED_DATA -> encData. */ 448 TPM_SIZED_BUFFER data; /* This SHALL be the data to be sealed */ 449 #if 0 450 uint32_t dataSize; /* This SHALL be the size of the data parameter */ 451 BYTE* data; /* This SHALL be the data to be sealed */ 452 #endif 453 } TPM_SEALED_DATA; 454 455 #endif 456 457 458 /* 9.4 TPM_SYMMETRIC_KEY rev 87 459 460 This structure describes a symmetric key, used during the process "Collating a Request for a 461 Trusted Platform Module Identity". 462 */ 463 464 typedef struct tdTPM_SYMMETRIC_KEY { 465 TPM_ALGORITHM_ID algId; /* This SHALL be the algorithm identifier of the symmetric key. */ 466 TPM_ENC_SCHEME encScheme; /* This SHALL fully identify the manner in which the key will be 467 used for encryption operations. */ 468 uint16_t size; /* This SHALL be the size of the data parameter in bytes */ 469 BYTE data[MAX_SYM_KEY_BYTES]; /* This SHALL be the symmetric key data */ 470 } TPM_SYMMETRIC_KEY; 471 472 #if 0 473 474 /* 9.5 TPM_BOUND_DATA rev 87 475 476 This structure is defined because it is used by a TPM_UnBind command in a consistency check. 477 478 The intent of TCG is to promote "best practice" heuristics for the use of keys: a signing key 479 shouldn't be used for storage, and so on. These heuristics are used because of the potential 480 threats that arise when the same key is used in different ways. The heuristics minimize the 481 number of ways in which a given key can be used. 482 483 One such heuristic is that a key of type TPM_KEY_BIND, and no other type of key, should always be 484 used to create the blob that is unwrapped by TPM_UnBind. Binding is not a TPM function, so the 485 only choice is to perform a check for the correct payload type when a blob is unwrapped by a key 486 of type TPM_KEY_BIND. This requires the blob to have internal structure. 487 488 Even though payloadData has variable size, TPM_BOUND_DATA deliberately does not include the size 489 of payloadData. This is to maximise the size of payloadData that can be encrypted when 490 TPM_BOUND_DATA is encrypted in a single block. When using TPM-UnBind to obtain payloadData, the 491 size of payloadData is deduced as a natural result of the (RSA) decryption process. 492 493 1. This structure MUST be used for creating data when (wrapping with a key of type TPM_KEY_BIND) 494 or (wrapping using the encryption algorithm TPM_ES_RSAESOAEP_SHA1_MGF1). If it is not, the 495 TPM_UnBind command will fail. 496 */ 497 498 typedef struct tdTPM_BOUND_DATA { 499 TPM_STRUCT_VER ver; /* This MUST be 1.1.0.0 */ 500 TPM_PAYLOAD_TYPE payload; /* This SHALL be the value TPM_PT_BIND */ 501 uint32_t payloadDataSize; /* NOTE: added, not part of serialization */ 502 BYTE *payloadData; /* The bound data */ 503 } TPM_BOUND_DATA; 504 505 #endif 506 507 /* 508 10. TPM_KEY Complex 509 */ 510 511 /* 10.1.1 TPM_RSA_KEY_PARMS rev 87 512 513 This structure describes the parameters of an RSA key. 514 */ 515 516 typedef struct tdTPM_RSA_KEY_PARMS { 517 uint32_t keyLength; /* This specifies the size of the RSA key in bits */ 518 uint32_t numPrimes; /* This specifies the number of prime factors used by this RSA key. */ 519 uint32_t exponentSize; /* This SHALL be the size of the exponent. If the key is using the 520 the default public exponent then the exponentSize MUST be 0. */ 521 uint8_t exponent[4]; /* The public exponent of this key */ 522 } TPM_RSA_KEY_PARMS; 523 524 /* 10.1.2 TPM_SYMMETRIC_KEY_PARMS rev 87 525 526 This structure describes the parameters for symmetric algorithms 527 */ 528 529 typedef struct tdTPM_SYMMETRIC_KEY_PARMS { 530 uint32_t keyLength; /* This SHALL indicate the length of the key in bits */ 531 uint32_t blockSize; /* This SHALL indicate the block size of the algorithm*/ 532 TPM2B_IV iv; /* The initialization vector */ 533 } TPM_SYMMETRIC_KEY_PARMS; 534 535 /* 10.1 TPM_KEY_PARMS rev 87 536 537 This provides a standard mechanism to define the parameters used to generate a key pair, and to 538 store the parts of a key shared between the public and private key parts. 539 */ 540 541 typedef union { 542 TPM_RSA_KEY_PARMS rsaParms; 543 TPM_SYMMETRIC_KEY_PARMS symParms; 544 } TPMU_PARMS; 545 546 /* Marshaled TPMU_PARMS */ 547 548 #if 0 549 typedef struct { 550 UINT32 parmSize; 551 TPMU_PARMS parms; 552 } TPM4B_PARMS; 553 #endif 554 555 typedef struct { 556 TPM_ALGORITHM_ID algorithmID; /* This SHALL be the key algorithm in use */ 557 TPM_ENC_SCHEME encScheme; /* This SHALL be the encryption scheme that the key uses to encrypt 558 information */ 559 TPM_SIG_SCHEME sigScheme; /* This SHALL be the signature scheme that the key uses to perform 560 digital signatures */ 561 TPMU_PARMS parms; 562 } TPM_KEY_PARMS; 563 564 #if 0 565 566 /* 10.7 TPM_STORE_PRIVKEY rev 87 567 568 This structure can be used in conjunction with a corresponding TPM_PUBKEY to construct a private 569 key which can be unambiguously used. 570 */ 571 572 #if 0 573 typedef struct tdTPM_STORE_PRIVKEY { 574 uint32_t keyLength; /* This SHALL be the length of the key field. */ 575 BYTE* key; /* This SHALL be a structure interpreted according to the algorithm Id in 576 the corresponding TPM_KEY structure. */ 577 } TPM_STORE_PRIVKEY; 578 #endif 579 580 /* NOTE: Hard coded for RSA keys. This will change if other algorithms are supported */ 581 582 typedef struct tdTPM_STORE_PRIVKEY { 583 TPM_SIZED_BUFFER d_key; /* private key */ 584 TPM_SIZED_BUFFER p_key; /* private prime factor */ 585 TPM_SIZED_BUFFER q_key; /* private prime factor */ 586 } TPM_STORE_PRIVKEY; 587 588 /* 10.6 TPM_STORE_ASYMKEY rev 87 589 590 The TPM_STORE_ASYMKEY structure provides the area to identify the confidential information 591 related to a key. This will include the private key factors for an asymmetric key. 592 593 The structure is designed so that encryption of a TPM_STORE_ASYMKEY structure containing a 2048 594 bit RSA key can be done in one operation if the encrypting key is 2048 bits. 595 596 Using typical RSA notation the structure would include P, and when loading the key include the 597 unencrypted P*Q which would be used to recover the Q value. 598 599 To accommodate the future use of multiple prime RSA keys the specification of additional prime 600 factors is an optional capability. 601 602 This structure provides the basis of defining the protection of the private key. Changes in this 603 structure MUST be reflected in the TPM_MIGRATE_ASYMKEY structure (section 10.8). 604 */ 605 606 typedef struct tdTPM_STORE_ASYMKEY { 607 TPM_PAYLOAD_TYPE payload; /* This SHALL set to TPM_PT_ASYM to indicate an asymmetric 608 key. If used in TPM_CMK_ConvertMigration the value SHALL 609 be TPM_PT_MIGRATE_EXTERNAL. If used in TPM_CMK_CreateKey 610 the value SHALL be TPM_PT_MIGRATE_RESTRICTED */ 611 TPM_SECRET usageAuth; /* This SHALL be the authorization data necessary to 612 authorize the use of this value */ 613 TPM_SECRET migrationAuth; /* This SHALL be the migration authorization data for a 614 migratable key, or the TPM secret value tpmProof for a 615 non-migratable key created by the TPM. 616 617 If the TPM sets this parameter to the value tpmProof, 618 then the TPM_KEY.keyFlags.migratable of the corresponding 619 TPM_KEY structure MUST be set to 0. 620 621 If this parameter is set to the migration authorization 622 data for the key in parameter PrivKey, then the 623 TPM_KEY.keyFlags.migratable of the corresponding TPM_KEY 624 structure SHOULD be set to 1. */ 625 TPM_DIGEST pubDataDigest; /* This SHALL be the digest of the corresponding TPM_KEY 626 structure, excluding the fields TPM_KEY.encSize and 627 TPM_KEY.encData. 628 629 When TPM_KEY -> pcrInfoSize is 0 then the digest 630 calculation has no input from the pcrInfo field. The 631 pcrInfoSize field MUST always be part of the digest 632 calculation. 633 */ 634 TPM_STORE_PRIVKEY privKey; /* This SHALL be the private key data. The privKey can be a 635 variable length which allows for differences in the key 636 format. The maximum size of the area would be 151 637 bytes. */ 638 } TPM_STORE_ASYMKEY; 639 640 /* 10.8 TPM_MIGRATE_ASYMKEY rev 87 641 642 The TPM_MIGRATE_ASYMKEY structure provides the area to identify the private key factors of a 643 asymmetric key while the key is migrating between TPM's. 644 645 This structure provides the basis of defining the protection of the private key. 646 647 k1k2 - 132 privkey.key (128 + 4) 648 k1 - 20, OAEP seed 649 k2 - 112, partPrivKey 650 TPM_STORE_PRIVKEY 4 partPrivKey.keyLength 651 108 partPrivKey.key (128 - 20) 652 */ 653 654 typedef struct tdTPM_MIGRATE_ASYMKEY { 655 TPM_PAYLOAD_TYPE payload; /* This SHALL set to TPM_PT_MIGRATE or TPM_PT_CMK_MIGRATE to 656 indicate an migrating asymmetric key or TPM_PT_MAINT to indicate 657 a maintenance key. */ 658 TPM_SECRET usageAuth; /* This SHALL be a copy of the usageAuth from the TPM_STORE_ASYMKEY 659 structure. */ 660 TPM_DIGEST pubDataDigest; /* This SHALL be a copy of the pubDataDigest from the 661 TPM_STORE_ASYMKEY structure. */ 662 #if 0 663 uint32_t partPrivKeyLen; /* This SHALL be the size of the partPrivKey field */ 664 BYTE *partPrivKey; /* This SHALL be the k2 area as described in TPM_CreateMigrationBlob 665 */ 666 #endif 667 TPM_SIZED_BUFFER partPrivKey; 668 } TPM_MIGRATE_ASYMKEY; 669 670 #endif 671 672 /* 10.4 TPM_STORE_PUBKEY 673 674 This structure can be used in conjunction with a corresponding TPM_KEY_PARMS to 1382 construct a 675 public key which can be unambiguously used. 676 */ 677 678 typedef struct tdTPM_STORE_PUBKEY { 679 UINT32 keyLength; /* This SHALL be the length of the key field. */ 680 BYTE key[MAX_RSA_KEY_BYTES]; /* This SHALL be a structure interpreted according to the 681 algorithm Id in the corresponding TPM_KEY_PARMS 682 structure. */ 683 } TPM_STORE_PUBKEY; 684 685 /* 10.3 TPM_KEY12 rev 87 686 687 This provides the same functionality as TPM_KEY but uses the new PCR_INFO_LONG structures and the 688 new structure tagging. In all other aspects this is the same structure. 689 */ 690 691 typedef struct tdTPM_KEY12 { 692 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_KEY12 */ 693 uint16_t fill; /* MUST be 0x0000 */ 694 TPM_KEY_USAGE keyUsage; /* This SHALL be the TPM key usage that determines the operations 695 permitted with this key */ 696 TPM_KEY_FLAGS keyFlags; /* This SHALL be the indication of migration, redirection etc. */ 697 TPM_AUTH_DATA_USAGE authDataUsage; /* This SHALL Indicate the conditions where it is required 698 that authorization be presented. */ 699 TPM_KEY_PARMS algorithmParms; /* This SHALL be the information regarding the algorithm for 700 this key */ 701 TPM_PCR_INFO_LONG PCRInfo; 702 TPM_STORE_PUBKEY pubKey; /* This SHALL be the public portion of the key */ 703 TPM_STORE_PUBKEY encData; /* This SHALL be an encrypted TPM_STORE_ASYMKEY structure 704 TPM_MIGRATE_ASYMKEY structure */ 705 } TPM_KEY12; 706 707 /* 10.5 TPM_PUBKEY rev 99 708 709 The TPM_PUBKEY structure contains the public portion of an asymmetric key pair. It contains all 710 the information necessary for its unambiguous usage. It is possible to construct this structure 711 from a TPM_KEY, using the algorithmParms and pubKey fields. 712 713 The pubKey member of this structure shall contain the public key for a specific algorithm. 714 */ 715 716 typedef struct tdTPM_PUBKEY { 717 TPM_KEY_PARMS algorithmParms; /* This SHALL be the information regarding this key */ 718 TPM_STORE_PUBKEY pubKey; /* This SHALL be the public key information */ 719 } TPM_PUBKEY; 720 721 #if 0 722 723 /* 5.b. The TPM must support a minimum of 2 key slots. */ 724 725 #define TPM_KEY_HANDLES 16 /* entries in global TPM_KEY_HANDLE_ENTRY array */ 726 727 /* TPM_GetCapability uses a uint_16 for the number of key slots */ 728 729 #if (TPM_KEY_HANDLES > 0xffff) 730 #error "TPM_KEY_HANDLES must be less than 0x10000" 731 #endif 732 733 /* The TPM does not have to support any minumum number of owner evict keys. Adjust this value to 734 match the amount of NV space available. An owner evict key consumes about 512 bytes. 735 736 A value greater than (TPM_KEY_HANDLES - 2) is useless, as the TPM reserves 2 key slots for 737 non-owner evict keys to avoid blocking. 738 */ 739 740 #define TPM_OWNER_EVICT_KEY_HANDLES 2 741 #if (TPM_OWNER_EVICT_KEY_HANDLES > (TPM_KEY_HANDLES - 2)) 742 #error "TPM_OWNER_EVICT_KEY_HANDLES too large for TPM_KEY_HANDLES" 743 #endif 744 745 /* This is the version used by the TPM implementation. It is part of the global TPM state */ 746 747 /* kgold: Added TPM_KEY member. There needs to be a mapping between a key handle 748 and the pointer to TPM_KEY objects, and this seems to be the right place for it. */ 749 750 typedef struct tdTPM_KEY_HANDLE_ENTRY { 751 TPM_KEY_HANDLE handle; /* Handles for a key currently loaded in the TPM */ 752 TPM_KEY *key; /* Pointer to the key object */ 753 TPM_BOOL parentPCRStatus; /* TRUE if parent of this key uses PCR's */ 754 TPM_KEY_CONTROL keyControl; /* Attributes that can control various aspects of key usage and 755 manipulation. */ 756 } TPM_KEY_HANDLE_ENTRY; 757 758 /* 5.12 TPM_MIGRATIONKEYAUTH rev 87 759 760 This structure provides the proof that the associated public key has TPM Owner authorization to 761 be a migration key. 762 */ 763 764 typedef struct tdTPM_MIGRATIONKEYAUTH { 765 TPM_PUBKEY migrationKey; /* This SHALL be the public key of the migration facility */ 766 TPM_MIGRATE_SCHEME migrationScheme; /* This shall be the type of migration operation.*/ 767 TPM_DIGEST digest; /* This SHALL be the digest value of the concatenation of 768 migration key, migration scheme and tpmProof */ 769 } TPM_MIGRATIONKEYAUTH; 770 771 /* 5.13 TPM_COUNTER_VALUE rev 87 772 773 This structure returns the counter value. For interoperability, the value size should be 4 bytes. 774 */ 775 776 #define TPM_COUNTER_LABEL_SIZE 4 777 #define TPM_COUNT_ID_NULL 0xffffffff /* unused value TPM_CAP_PROP_ACTIVE_COUNTER expects this 778 value if no counter is active */ 779 #define TPM_COUNT_ID_ILLEGAL 0xfffffffe /* after releasing an active counter */ 780 781 typedef struct tdTPM_COUNTER_VALUE { 782 #ifdef TPM_USE_TAG_IN_STRUCTURE 783 TPM_STRUCTURE_TAG tag; /* TPM_TAG_COUNTER_VALUE */ 784 #endif 785 BYTE label[TPM_COUNTER_LABEL_SIZE]; /* The label for the counter */ 786 TPM_ACTUAL_COUNT counter; /* The 32-bit counter value. */ 787 /* NOTE: Added. TPMWG email says the specification structure is the public part, but these are 788 vendor specific private members. */ 789 TPM_SECRET authData; /* Authorization secret for counter */ 790 TPM_BOOL valid; 791 TPM_DIGEST digest; /* for OSAP comparison */ 792 } TPM_COUNTER_VALUE; 793 794 /* 5.14 TPM_SIGN_INFO Structure rev 102 795 796 This is an addition in 1.2 and is the structure signed for certain commands (e.g., 797 TPM_ReleaseTransportSigned). Some commands have a structure specific to that command (e.g., 798 TPM_Quote uses TPM_QUOTE_INFO) and do not use TPM_SIGN_INFO. 799 800 TPM_Sign uses this structure when the signature scheme is TPM_SS_RSASSAPKCS1v15_INFO. 801 */ 802 803 #define TPM_SIGN_INFO_FIXED_SIZE 4 804 805 typedef struct tdTPM_SIGN_INFO { 806 #ifdef TPM_USE_TAG_IN_STRUCTURE 807 TPM_STRUCTURE_TAG tag; /* TPM_TAG_SIGNINFO */ 808 #endif 809 BYTE fixed[TPM_SIGN_INFO_FIXED_SIZE]; /* The ASCII text that identifies what function was 810 performing the signing operation*/ 811 TPM_NONCE replay; /* Nonce provided by caller to prevent replay attacks */ 812 #if 0 813 uint32_t dataLen; /* The length of the data area */ 814 BYTE* data; /* The data that is being signed */ 815 #endif 816 TPM_SIZED_BUFFER data; /* The data that is being signed */ 817 } TPM_SIGN_INFO; 818 819 /* 5.15 TPM_MSA_COMPOSITE Structure rev 87 820 821 TPM_MSA_COMPOSITE contains an arbitrary number of digests of public keys belonging to Migration 822 Authorities. An instance of TPM_MSA_COMPOSITE is incorporated into the migrationAuth value of a 823 certified-migration-key (CMK), and any of the Migration Authorities specified in that instance is 824 able to approve the migration of that certified-migration-key. 825 826 TPMs MUST support TPM_MSA_COMPOSITE structures with MSAlist of four (4) or less, and MAY support 827 larger values of MSAlist. 828 */ 829 830 typedef struct tdTPM_MSA_COMPOSITE { 831 uint32_t MSAlist; /* The number of migAuthDigests. MSAlist MUST be one (1) or 832 greater. */ 833 TPM_DIGEST *migAuthDigest; /* An arbitrary number of digests of public keys belonging 834 to Migration Authorities. */ 835 } TPM_MSA_COMPOSITE; 836 837 /* 5.16 TPM_CMK_AUTH 838 839 The signed digest of TPM_CMK_AUTH is a ticket to prove that the entity with public key 840 "migrationAuthority" has approved the public key "destination Key" as a migration destination for 841 the key with public key "sourceKey". 842 843 Normally the digest of TPM_CMK_AUTH is signed by the private key corresponding to 844 "migrationAuthority". 845 846 To reduce data size, TPM_CMK_AUTH contains just the digests of "migrationAuthority", 847 "destinationKey" and "sourceKey". 848 */ 849 850 typedef struct tdTPM_CMK_AUTH { 851 TPM_DIGEST migrationAuthorityDigest; /* The digest of the public key of a Migration 852 Authority */ 853 TPM_DIGEST destinationKeyDigest; /* The digest of a TPM_PUBKEY structure that is an 854 approved destination key for the private key 855 associated with "sourceKey"*/ 856 TPM_DIGEST sourceKeyDigest; /* The digest of a TPM_PUBKEY structure whose 857 corresponding private key is approved by the 858 Migration Authority to be migrated as a child to 859 the destinationKey. */ 860 } TPM_CMK_AUTH; 861 862 #endif 863 864 /* 5.18 TPM_SELECT_SIZE rev 87 865 866 This structure provides the indication for the version and sizeOfSelect structure in GetCapability 867 */ 868 869 typedef struct tdTPM_SELECT_SIZE { 870 BYTE major; /* This SHALL indicate the major version of the TPM. This MUST be 0x01 */ 871 BYTE minor; /* This SHALL indicate the minor version of the TPM. This MAY be 0x01 or 872 0x02 */ 873 uint16_t reqSize; /* This SHALL indicate the value for a sizeOfSelect field in the 874 TPM_SELECTION structure */ 875 } TPM_SELECT_SIZE; 876 877 #if 0 878 879 /* 5.19 TPM_CMK_MIGAUTH rev 89 880 881 Structure to keep track of the CMK migration authorization 882 */ 883 884 typedef struct tdTPM_CMK_MIGAUTH { 885 #ifdef TPM_USE_TAG_IN_STRUCTURE 886 TPM_STRUCTURE_TAG tag; /* Set to TPM_TAG_CMK_MIGAUTH */ 887 #endif 888 TPM_DIGEST msaDigest; /* The digest of a TPM_MSA_COMPOSITE structure containing the 889 migration authority public key and parameters. */ 890 TPM_DIGEST pubKeyDigest; /* The hash of the associated public key */ 891 } TPM_CMK_MIGAUTH; 892 893 /* 5.20 TPM_CMK_SIGTICKET rev 87 894 895 Structure to keep track of the CMK migration authorization 896 */ 897 898 typedef struct tdTPM_CMK_SIGTICKET { 899 #ifdef TPM_USE_TAG_IN_STRUCTURE 900 TPM_STRUCTURE_TAG tag; /* Set to TPM_TAG_CMK_SIGTICKET */ 901 #endif 902 TPM_DIGEST verKeyDigest; /* The hash of a TPM_PUBKEY structure containing the public key and 903 parameters of the key that can verify the ticket */ 904 TPM_DIGEST signedData; /* The ticket data */ 905 } TPM_CMK_SIGTICKET; 906 907 /* 5.21 TPM_CMK_MA_APPROVAL rev 87 908 909 Structure to keep track of the CMK migration authorization 910 */ 911 912 typedef struct tdTPM_CMK_MA_APPROVAL { 913 #ifdef TPM_USE_TAG_IN_STRUCTURE 914 TPM_STRUCTURE_TAG tag; /* Set to TPM_TAG_CMK_MA_APPROVAL */ 915 #endif 916 TPM_DIGEST migrationAuthorityDigest; /* The hash of a TPM_MSA_COMPOSITE structure 917 containing the hash of one or more migration 918 authority public keys and parameters. */ 919 } TPM_CMK_MA_APPROVAL; 920 921 /* 20.2 Delegate Definitions rev 101 922 923 The delegations are in a 64-bit field. Each bit describes a capability that the TPM Owner can 924 delegate to a trusted process by setting that bit. Each delegation bit setting is independent of 925 any other delegation bit setting in a row. 926 927 If a TPM command is not listed in the following table, then the TPM Owner cannot delegate that 928 capability to a trusted process. For the TPM commands that are listed in the following table, if 929 the bit associated with a TPM command is set to zero in the row of the table that identifies a 930 trusted process, then that process has not been delegated to use that TPM command. 931 932 The minimum granularity for delegation is at the ordinal level. It is not possible to delegate an 933 option of an ordinal. This implies that if the options present a difficulty and there is a need 934 to separate the delegations then there needs to be a split into two separate ordinals. 935 */ 936 937 #define TPM_DEL_OWNER_BITS 0x00000001 938 #define TPM_DEL_KEY_BITS 0x00000002 939 940 typedef struct tdTPM_DELEGATIONS { 941 #ifdef TPM_USE_TAG_IN_STRUCTURE 942 TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_DELEGATIONS */ 943 #endif 944 uint32_t delegateType; /* Owner or key */ 945 uint32_t per1; /* The first block of permissions */ 946 uint32_t per2; /* The second block of permissions */ 947 } TPM_DELEGATIONS; 948 949 /* 20.4 TPM_FAMILY_LABEL rev 85 950 951 Used in the family table to hold a one-byte numeric value (sequence number) that software can map 952 to a string of bytes that can be displayed or used by applications. 953 954 This is not sensitive data. 955 */ 956 957 #if 0 958 typedef struct tdTPM_FAMILY_LABEL { 959 BYTE label; /* A sequence number that software can map to a string of bytes that can be 960 displayed or used by the applications. This MUST not contain sensitive 961 information. */ 962 } TPM_FAMILY_LABEL; 963 #endif 964 965 typedef BYTE TPM_FAMILY_LABEL; /* NOTE: No need for a structure here */ 966 967 /* 20.5 TPM_FAMILY_TABLE_ENTRY rev 101 968 969 The family table entry is an individual row in the family table. There are no sensitive values in 970 a family table entry. 971 972 Each family table entry contains values to facilitate table management: the familyID sequence 973 number value that associates a family table row with one or more delegate table rows, a 974 verification sequence number value that identifies when rows in the delegate table were last 975 verified, and BYTE family label value that software can map to an ASCII text description of the 976 entity using the family table entry 977 */ 978 979 typedef struct tdTPM_FAMILY_TABLE_ENTRY { 980 #ifdef TPM_USE_TAG_IN_STRUCTURE 981 TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_FAMILY_TABLE_ENTRY */ 982 #endif 983 TPM_FAMILY_LABEL familyLabel; /* A sequence number that software can map to a string of 984 bytes that can be displayed of used by the applications. 985 This MUST not contain sensitive informations. */ 986 TPM_FAMILY_ID familyID; /* The family ID in use to tie values together. This is not 987 a sensitive value. */ 988 TPM_FAMILY_VERIFICATION verificationCount; /* The value inserted into delegation rows to 989 indicate that they are the current generation of 990 rows. Used to identify when a row in the delegate 991 table was last verified. This is not a sensitive 992 value. */ 993 TPM_FAMILY_FLAGS flags; /* See section on TPM_FAMILY_FLAGS. */ 994 /* NOTE Added */ 995 TPM_BOOL valid; 996 } TPM_FAMILY_TABLE_ENTRY; 997 998 /* 20.6 TPM_FAMILY_TABLE rev 87 999 1000 The family table is stored in a TPM shielded location. There are no confidential values in the 1001 family table. The family table contains a minimum of 8 rows. 1002 */ 1003 1004 #define TPM_NUM_FAMILY_TABLE_ENTRY_MIN 8 1005 1006 typedef struct tdTPM_FAMILY_TABLE { 1007 TPM_FAMILY_TABLE_ENTRY famTableRow[TPM_NUM_FAMILY_TABLE_ENTRY_MIN]; 1008 } TPM_FAMILY_TABLE; 1009 1010 /* 20.7 TPM_DELEGATE_LABEL rev 87 1011 1012 Used in both the delegate table and the family table to hold a string of bytes that can be 1013 displayed or used by applications. This is not sensitive data. 1014 */ 1015 1016 #if 0 1017 typedef struct tdTPM_DELEGATE_LABEL { 1018 BYTE label; /* A byte that can be displayed or used by the applications. This MUST not 1019 contain sensitive information. */ 1020 } TPM_DELEGATE_LABEL; 1021 #endif 1022 1023 typedef BYTE TPM_DELEGATE_LABEL; /* NOTE: No need for structure */ 1024 1025 /* 20.8 TPM_DELEGATE_PUBLIC rev 101 1026 1027 The information of a delegate row that is public and does not have any sensitive information. 1028 1029 PCR_INFO_SHORT is appropriate here as the command to create this is done using owner 1030 authorization, hence the owner authorized the command and the delegation. There is no need to 1031 validate what configuration was controlling the platform during the blob creation. 1032 */ 1033 1034 typedef struct tdTPM_DELEGATE_PUBLIC { 1035 #ifdef TPM_USE_TAG_IN_STRUCTURE 1036 TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_DELEGATE_PUBLIC */ 1037 #endif 1038 TPM_DELEGATE_LABEL rowLabel; /* This SHALL be the label for the row. It 1039 MUST not contain any sensitive information. */ 1040 TPM_PCR_INFO_SHORT pcrInfo; /* This SHALL be the designation of the process that can use 1041 the permission. This is a not sensitive 1042 value. PCR_SELECTION may be NULL. 1043 1044 If selected the pcrInfo MUST be checked on each use of 1045 the delegation. Use of the delegation is where the 1046 delegation is passed as an authorization handle. */ 1047 TPM_DELEGATIONS permissions; /* This SHALL be the permissions that are allowed to the 1048 indicated process. This is not a sensitive value. */ 1049 TPM_FAMILY_ID familyID; /* This SHALL be the family ID that identifies which family 1050 the row belongs to. This is not a sensitive value. */ 1051 TPM_FAMILY_VERIFICATION verificationCount; /* A copy of verificationCount from the associated 1052 family table. This is not a sensitive value. */ 1053 } TPM_DELEGATE_PUBLIC; 1054 1055 1056 /* 20.9 TPM_DELEGATE_TABLE_ROW rev 101 1057 1058 A row of the delegate table. 1059 */ 1060 1061 typedef struct tdTPM_DELEGATE_TABLE_ROW { 1062 #ifdef TPM_USE_TAG_IN_STRUCTURE 1063 TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_DELEGATE_TABLE_ROW */ 1064 #endif 1065 TPM_DELEGATE_PUBLIC pub; /* This SHALL be the public information for a table row. */ 1066 TPM_SECRET authValue; /* This SHALL be the authorization value that can use the 1067 permissions. This is a sensitive value. */ 1068 /* NOTE Added */ 1069 TPM_BOOL valid; 1070 } TPM_DELEGATE_TABLE_ROW; 1071 1072 /* 20.10 TPM_DELEGATE_TABLE rev 87 1073 1074 This is the delegate table. The table contains a minimum of 2 rows. 1075 1076 This will be an entry in the TPM_PERMANENT_DATA structure. 1077 */ 1078 1079 #define TPM_NUM_DELEGATE_TABLE_ENTRY_MIN 2 1080 1081 typedef struct tdTPM_DELEGATE_TABLE { 1082 TPM_DELEGATE_TABLE_ROW delRow[TPM_NUM_DELEGATE_TABLE_ENTRY_MIN]; /* The array of delegations */ 1083 } TPM_DELEGATE_TABLE; 1084 1085 /* 20.11 TPM_DELEGATE_SENSITIVE rev 115 1086 1087 The TPM_DELEGATE_SENSITIVE structure is the area of a delegate blob that contains sensitive 1088 information. 1089 1090 This structure is normative for loading unencrypted blobs before there is an owner. It is 1091 informative for TPM_CreateOwnerDelegation and TPM_LoadOwnerDelegation after there is an owner and 1092 encrypted blobs are used, since the structure is under complete control of the TPM. 1093 */ 1094 1095 typedef struct tdTPM_DELEGATE_SENSITIVE { 1096 #ifdef TPM_USE_TAG_IN_STRUCTURE 1097 TPM_STRUCTURE_TAG tag; /* This MUST be TPM_TAG_DELEGATE_SENSITIVE */ 1098 #endif 1099 TPM_SECRET authValue; /* AuthData value */ 1100 } TPM_DELEGATE_SENSITIVE; 1101 1102 /* 20.12 TPM_DELEGATE_OWNER_BLOB rev 87 1103 1104 This data structure contains all the information necessary to externally store a set of owner 1105 delegation rights that can subsequently be loaded or used by this TPM. 1106 1107 The encryption mechanism for the sensitive area is a TPM choice. The TPM may use asymmetric 1108 encryption and the SRK for the key. The TPM may use symmetric encryption and a secret key known 1109 only to the TPM. 1110 */ 1111 1112 typedef struct tdTPM_DELEGATE_OWNER_BLOB { 1113 #ifdef TPM_USE_TAG_IN_STRUCTURE 1114 TPM_STRUCTURE_TAG tag; /* This MUST be TPM_TAG_DELG_OWNER_BLOB */ 1115 #endif 1116 TPM_DELEGATE_PUBLIC pub; /* The public information for this blob */ 1117 TPM_DIGEST integrityDigest; /* The HMAC to guarantee the integrity of the entire structure */ 1118 TPM_SIZED_BUFFER additionalArea; /* An area that the TPM can add to the blob which MUST NOT 1119 contain any sensitive information. This would include any 1120 IV material for symmetric encryption */ 1121 TPM_SIZED_BUFFER sensitiveArea; /* The area that contains the encrypted 1122 TPM_DELEGATE_SENSITIVE */ 1123 } TPM_DELEGATE_OWNER_BLOB; 1124 1125 /* 20.13 TPM_DELEGATE_KEY_BLOB rev 87 1126 1127 A structure identical to TPM_DELEGATE_OWNER_BLOB but which stores delegation information for user 1128 keys. As compared to TPM_DELEGATE_OWNER_BLOB, it adds a hash of the corresponding public key 1129 value to the public information. 1130 */ 1131 1132 typedef struct tdTPM_DELEGATE_KEY_BLOB { 1133 #ifdef TPM_USE_TAG_IN_STRUCTURE 1134 TPM_STRUCTURE_TAG tag; /* This MUST be TPM_TAG_DELG_KEY_BLOB */ 1135 #endif 1136 TPM_DELEGATE_PUBLIC pub; /* The public information for this blob */ 1137 TPM_DIGEST integrityDigest; /* The HMAC to guarantee the integrity of the entire 1138 structure */ 1139 TPM_DIGEST pubKeyDigest; /* The digest, that uniquely identifies the key for which 1140 this usage delegation applies. */ 1141 TPM_SIZED_BUFFER additionalArea; /* An area that the TPM can add to the blob which MUST NOT 1142 contain any sensitive information. This would include any 1143 IV material for symmetric encryption */ 1144 TPM_SIZED_BUFFER sensitiveArea; /* The area that contains the encrypted 1145 TPM_DELEGATE_SENSITIVE */ 1146 } TPM_DELEGATE_KEY_BLOB; 1147 1148 /* 15.1 TPM_CURRENT_TICKS rev 110 1149 1150 This structure holds the current number of time ticks in the TPM. The value is the number of time 1151 ticks from the start of the current session. Session start is a variable function that is 1152 platform dependent. Some platforms may have batteries or other power sources and keep the TPM 1153 clock session across TPM initialization sessions. 1154 1155 The <tickRate> element of the TPM_CURRENT_TICKS structure provides the number of microseconds per 1156 tick. The platform manufacturer must satisfy input clock requirements set by the TPM vendor to 1157 ensure the accuracy of the tickRate. 1158 1159 No external entity may ever set the current number of time ticks held in TPM_CURRENT_TICKS. This 1160 value is always reset to 0 when a new clock session starts and increments under control of the 1161 TPM. 1162 1163 Maintaining the relationship between the number of ticks counted by the TPM and some real world 1164 clock is a task for external software. 1165 */ 1166 1167 /* This is not a true UINT64, but a special structure to hold currentTicks */ 1168 1169 typedef struct tdTPM_UINT64 { 1170 uint32_t sec; 1171 uint32_t usec; 1172 } TPM_UINT64; 1173 1174 typedef struct tdTPM_CURRENT_TICKS { 1175 #ifdef TPM_USE_TAG_IN_STRUCTURE 1176 TPM_STRUCTURE_TAG tag; /* TPM_TAG_CURRENT_TICKS */ 1177 #endif 1178 TPM_UINT64 currentTicks; /* The number of ticks since the start of this tick session */ 1179 /* upper is seconds, lower is useconds */ 1180 uint16_t tickRate; /* The number of microseconds per tick. The maximum resolution of 1181 the TPM tick counter is thus 1 microsecond. The minimum 1182 resolution SHOULD be 1 millisecond. */ 1183 TPM_NONCE tickNonce; /* TPM_NONCE tickNonce The nonce created by the TPM when resetting 1184 the currentTicks to 0. This indicates the beginning of a time 1185 session. This value MUST be valid before the first use of 1186 TPM_CURRENT_TICKS. The value can be set at TPM_Startup or just 1187 prior to first use. */ 1188 /* NOTE Added */ 1189 TPM_UINT64 initialTime; /* Time from TPM_GetTimeOfDay() */ 1190 } TPM_CURRENT_TICKS; 1191 1192 /* 1193 13. Transport Structures 1194 */ 1195 1196 /* 13.1 TPM _TRANSPORT_PUBLIC rev 87 1197 1198 The public information relative to a transport session 1199 */ 1200 1201 typedef struct tdTPM_TRANSPORT_PUBLIC { 1202 #ifdef TPM_USE_TAG_IN_STRUCTURE 1203 TPM_STRUCTURE_TAG tag; /* TPM_TAG_TRANSPORT_PUBLIC */ 1204 #endif 1205 TPM_TRANSPORT_ATTRIBUTES transAttributes; /* The attributes of this session */ 1206 TPM_ALGORITHM_ID algId; /* This SHALL be the algorithm identifier of the 1207 symmetric key. */ 1208 TPM_ENC_SCHEME encScheme; /* This SHALL fully identify the manner in which the 1209 key will be used for encryption operations. */ 1210 } TPM_TRANSPORT_PUBLIC; 1211 1212 /* 13.2 TPM_TRANSPORT_INTERNAL rev 88 1213 1214 The internal information regarding transport session 1215 */ 1216 1217 #define TPM_MIN_TRANS_SESSIONS 3 1218 1219 typedef struct tdTPM_TRANSPORT_INTERNAL { 1220 #ifdef TPM_USE_TAG_IN_STRUCTURE 1221 TPM_STRUCTURE_TAG tag; /* TPM_TAG_TRANSPORT_INTERNAL */ 1222 #endif 1223 TPM_AUTHDATA authData; /* The shared secret for this session */ 1224 TPM_TRANSPORT_PUBLIC transPublic; /* The public information of this session */ 1225 TPM_TRANSHANDLE transHandle; /* The handle for this session */ 1226 TPM_NONCE transNonceEven; /* The even nonce for the rolling protocol */ 1227 TPM_DIGEST transDigest; /* The log of transport events */ 1228 /* added kgold */ 1229 TPM_BOOL valid; /* entry is valid */ 1230 } TPM_TRANSPORT_INTERNAL; 1231 1232 /* 13.3 TPM_TRANSPORT_LOG_IN rev 87 1233 1234 The logging of transport commands occurs in two steps, before execution with the input 1235 parameters and after execution with the output parameters. 1236 1237 This structure is in use for input log calculations. 1238 */ 1239 1240 typedef struct tdTPM_TRANSPORT_LOG_IN { 1241 #ifdef TPM_USE_TAG_IN_STRUCTURE 1242 TPM_STRUCTURE_TAG tag; /* TPM_TAG_TRANSPORT_LOG_IN */ 1243 #endif 1244 TPM_DIGEST parameters; /* The actual parameters contained in the digest are subject to the 1245 rules of the command using this structure. To find the exact 1246 calculation refer to the actions in the command using this 1247 structure. */ 1248 TPM_DIGEST pubKeyHash; /* The hash of any keys in the transport command */ 1249 } TPM_TRANSPORT_LOG_IN; 1250 1251 /* 13.4 TPM_TRANSPORT_LOG_OUT rev 88 1252 1253 The logging of transport commands occurs in two steps, before execution with the input parameters 1254 and after execution with the output parameters. 1255 1256 This structure is in use for output log calculations. 1257 1258 This structure is in use for the INPUT logging during releaseTransport. 1259 */ 1260 1261 typedef struct tdTPM_TRANSPORT_LOG_OUT { 1262 #ifdef TPM_USE_TAG_IN_STRUCTURE 1263 TPM_STRUCTURE_TAG tag; /* TPM_TAG_TRANSPORT_LOG_OUT */ 1264 #endif 1265 TPM_CURRENT_TICKS currentTicks; /* The current tick count. This SHALL be the value of the 1266 current TPM tick counter. */ 1267 TPM_DIGEST parameters; /* The actual parameters contained in the digest are subject 1268 to the rules of the command using this structure. To find 1269 the exact calculation refer to the actions in the command 1270 using this structure. */ 1271 TPM_MODIFIER_INDICATOR locality; /* The locality that called TPM_ExecuteTransport */ 1272 } TPM_TRANSPORT_LOG_OUT; 1273 1274 /* 13.5 TPM_TRANSPORT_AUTH structure rev 87 1275 1276 This structure provides the validation for the encrypted AuthData value. 1277 */ 1278 1279 typedef struct tdTPM_TRANSPORT_AUTH { 1280 #ifdef TPM_USE_TAG_IN_STRUCTURE 1281 TPM_STRUCTURE_TAG tag; /* TPM_TAG_TRANSPORT_AUTH */ 1282 #endif 1283 TPM_AUTHDATA authData; /* The AuthData value */ 1284 } TPM_TRANSPORT_AUTH; 1285 1286 /* 22.3 TPM_DAA_ISSUER rev 91 1287 1288 This structure is the abstract representation of non-secret settings controlling a DAA 1289 context. The structure is required when loading public DAA data into a TPM. TPM_DAA_ISSUER 1290 parameters are normally held outside the TPM as plain text data, and loaded into a TPM when a DAA 1291 session is required. A TPM_DAA_ISSUER structure contains no integrity check: the TPM_DAA_ISSUER 1292 structure at time of JOIN is indirectly verified by the issuer during the JOIN process, and a 1293 digest of the verified TPM_DAA_ISSUER structure is held inside the TPM_DAA_TPM structure created 1294 by the JOIN process. Parameters DAA_digest_X are digests of public DAA_generic_X parameters, and 1295 used to verify that the correct value of DAA_generic_X has been loaded. DAA_generic_q is stored 1296 in its native form to reduce command complexity. 1297 */ 1298 1299 typedef struct tdTPM_DAA_ISSUER { 1300 #ifdef TPM_USE_TAG_IN_STRUCTURE 1301 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DAA_ISSUER */ 1302 #endif 1303 TPM_DIGEST DAA_digest_R0; /* A digest of the parameter "R0", which is not secret and may be 1304 common to many TPMs. */ 1305 TPM_DIGEST DAA_digest_R1; /* A digest of the parameter "R1", which is not secret and may be 1306 common to many TPMs. */ 1307 TPM_DIGEST DAA_digest_S0; /* A digest of the parameter "S0", which is not secret and may be 1308 common to many TPMs. */ 1309 TPM_DIGEST DAA_digest_S1; /* A digest of the parameter "S1", which is not secret and may be 1310 common to many TPMs. */ 1311 TPM_DIGEST DAA_digest_n; /* A digest of the parameter "n", which is not secret and may be 1312 common to many TPMs. */ 1313 TPM_DIGEST DAA_digest_gamma; /* A digest of the parameter "gamma", which is not secret 1314 and may be common to many TPMs. */ 1315 BYTE DAA_generic_q[26]; /* The parameter q, which is not secret and may be common to 1316 many TPMs. Note that q is slightly larger than a digest, 1317 but is stored in its native form to simplify the 1318 TPM_DAA_join command. Otherwise, JOIN requires 3 input 1319 parameters. */ 1320 } TPM_DAA_ISSUER; 1321 1322 /* 22.4 TPM_DAA_TPM rev 91 1323 1324 This structure is the abstract representation of TPM specific parameters used during a DAA 1325 context. TPM-specific DAA parameters may be stored outside the TPM, and hence this 1326 structure is needed to save private DAA data from a TPM, or load private DAA data into a 1327 TPM. 1328 1329 If a TPM_DAA_TPM structure is stored outside the TPM, it is stored in a confidential format that 1330 can be interpreted only by the TPM created it. This is to ensure that secret parameters are 1331 rendered confidential, and that both secret and non-secret data in TPM_DAA_TPM form a 1332 self-consistent set. 1333 1334 TPM_DAA_TPM includes a digest of the public DAA parameters that were used during creation of the 1335 TPM_DAA_TPM structure. This is needed to verify that a TPM_DAA_TPM is being used with the public 1336 DAA parameters used to create the TPM_DAA_TPM structure. Parameters DAA_digest_v0 and 1337 DAA_digest_v1 are digests of public DAA_private_v0 and DAA_private_v1 parameters, and used to 1338 verify that the correct private parameters have been loaded. 1339 1340 Parameter DAA_count is stored in its native form, because it is smaller than a digest, and is 1341 required to enforce consistency. 1342 */ 1343 1344 typedef struct tdTPM_DAA_TPM { 1345 #ifdef TPM_USE_TAG_IN_STRUCTURE 1346 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DAA_TPM */ 1347 #endif 1348 TPM_DIGEST DAA_digestIssuer; /* A digest of a TPM_DAA_ISSUER structure that contains the 1349 parameters used to generate this TPM_DAA_TPM 1350 structure. */ 1351 TPM_DIGEST DAA_digest_v0; /* A digest of the parameter "v0", which is secret and specific to 1352 this TPM. "v0" is generated during a JOIN phase. */ 1353 TPM_DIGEST DAA_digest_v1; /* A digest of the parameter "v1", which is secret and specific to 1354 this TPM. "v1" is generated during a JOIN phase. */ 1355 TPM_DIGEST DAA_rekey; /* A digest related to the rekeying process, which is not secret but 1356 is specific to this TPM, and must be consistent across JOIN/SIGN 1357 sessions. "rekey" is generated during a JOIN phase. */ 1358 uint32_t DAA_count; /* The parameter "count", which is not secret but must be consistent 1359 across JOIN/SIGN sessions. "count" is an input to the TPM from 1360 the host system. */ 1361 } TPM_DAA_TPM; 1362 1363 /* 22.5 TPM_DAA_CONTEXT rev 91 1364 1365 TPM_DAA_CONTEXT structure is created and used inside a TPM, and never leaves the TPM. This 1366 entire section is informative as the TPM does not expose this structure. TPM_DAA_CONTEXT 1367 includes a digest of the public and private DAA parameters that were used during creation of the 1368 TPM_DAA_CONTEXT structure. This is needed to verify that a TPM_DAA_CONTEXT is being used with the 1369 public and private DAA parameters used to create the TPM_DAA_CONTEXT structure. 1370 */ 1371 1372 typedef struct tdTPM_DAA_CONTEXT { 1373 #ifdef TPM_USE_TAG_IN_STRUCTURE 1374 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DAA_CONTEXT */ 1375 #endif 1376 TPM_DIGEST DAA_digestContext; /* A digest of parameters used to generate this 1377 structure. The parameters vary, depending on whether the 1378 session is a JOIN session or a SIGN session. */ 1379 TPM_DIGEST DAA_digest; /* A running digest of certain parameters generated during DAA 1380 computation; operationally the same as a PCR (which holds a 1381 running digest of integrity metrics). */ 1382 TPM_DAA_CONTEXT_SEED DAA_contextSeed; /* The seed used to generate other DAA 1383 session parameters */ 1384 BYTE DAA_scratch[256]; /* Memory used to hold different parameters at different 1385 times of DAA computation, but only one parameter at a 1386 time. The maximum size of this field is 256 bytes */ 1387 BYTE DAA_stage; /* A counter, indicating the stage of DAA computation that was most 1388 recently completed. The value of the counter is zero if the TPM 1389 currently contains no DAA context. 1390 1391 When set to zero (0) the TPM MUST clear all other fields in this 1392 structure. 1393 1394 The TPM MUST set DAA_stage to 0 on TPM_Startup(ANY) */ 1395 TPM_BOOL DAA_scratch_null; 1396 } TPM_DAA_CONTEXT; 1397 1398 /* 22.6 TPM_DAA_JOINDATA rev 91 1399 1400 This structure is the abstract representation of data that exists only during a specific JOIN 1401 session. 1402 */ 1403 1404 typedef struct tdTPM_DAA_JOINDATA { 1405 BYTE DAA_join_u0[128]; /* A TPM-specific secret "u0", used during the JOIN phase, 1406 and discarded afterwards. */ 1407 BYTE DAA_join_u1[138]; /* A TPM-specific secret "u1", used during the JOIN phase, 1408 and discarded afterwards. */ 1409 TPM_DIGEST DAA_digest_n0; /* A digest of the parameter "n0", which is an RSA public key with 1410 exponent 2^16 +1 */ 1411 } TPM_DAA_JOINDATA; 1412 1413 /* DAA Session structure 1414 1415 */ 1416 1417 #define TPM_MIN_DAA_SESSIONS 2 1418 1419 typedef struct tdTPM_DAA_SESSION_DATA { 1420 TPM_DAA_ISSUER DAA_issuerSettings; /* A set of DAA issuer parameters controlling a DAA 1421 session. (non-secret) */ 1422 TPM_DAA_TPM DAA_tpmSpecific; /* A set of DAA parameters associated with a 1423 specific TPM. (secret) */ 1424 TPM_DAA_CONTEXT DAA_session; /* A set of DAA parameters associated with a DAA 1425 session. (secret) */ 1426 TPM_DAA_JOINDATA DAA_joinSession; /* A set of DAA parameters used only during the JOIN 1427 phase of a DAA session, and generated by the 1428 TPM. (secret) */ 1429 /* added kgold */ 1430 TPM_HANDLE daaHandle; /* DAA session handle */ 1431 TPM_BOOL valid; /* array entry is valid */ 1432 /* FIXME should have handle type Join or Sign */ 1433 } TPM_DAA_SESSION_DATA; 1434 1435 /* 22.8 TPM_DAA_BLOB rev 98 1436 1437 The structure passed during the join process 1438 */ 1439 1440 typedef struct tdTPM_DAA_BLOB { 1441 #ifdef TPM_USE_TAG_IN_STRUCTURE 1442 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DAA_BLOB */ 1443 #endif 1444 TPM_RESOURCE_TYPE resourceType; /* The resource type: enc(DAA_tpmSpecific) or enc(v0) or 1445 enc(v1) */ 1446 BYTE label[16]; /* Label for identification of the blob. Free format 1447 area. */ 1448 TPM_DIGEST blobIntegrity; /* The integrity of the entire blob including the sensitive 1449 area. This is a HMAC calculation with the entire 1450 structure (including sensitiveData) being the hash and 1451 daaProof is the secret */ 1452 TPM_SIZED_BUFFER additionalData; /* Additional information set by the TPM that helps define 1453 and reload the context. The information held in this area 1454 MUST NOT expose any information held in shielded 1455 locations. This should include any IV for symmetric 1456 encryption */ 1457 TPM_SIZED_BUFFER sensitiveData; /* A TPM_DAA_SENSITIVE structure */ 1458 #if 0 1459 uint32_t additionalSize; 1460 [size_is(additionalSize)] BYTE* additionalData; 1461 uint32_t sensitiveSize; 1462 [size_is(sensitiveSize)] BYTE* sensitiveData; 1463 #endif 1464 } TPM_DAA_BLOB; 1465 1466 /* 22.9 TPM_DAA_SENSITIVE rev 91 1467 1468 The encrypted area for the DAA parameters 1469 */ 1470 1471 typedef struct tdTPM_DAA_SENSITIVE { 1472 #ifdef TPM_USE_TAG_IN_STRUCTURE 1473 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DAA_SENSITIVE */ 1474 #endif 1475 TPM_SIZED_BUFFER internalData; /* DAA_tpmSpecific or DAA_private_v0 or DAA_private_v1 */ 1476 #if 0 1477 uint32_t internalSize; 1478 [size_is(internalSize)] BYTE* internalData; 1479 #endif 1480 } TPM_DAA_SENSITIVE; 1481 1482 #endif 1483 1484 /* 7.1 TPM_PERMANENT_FLAGS rev 110 1485 1486 These flags maintain state information for the TPM. The values are not affected by any 1487 TPM_Startup command. 1488 1489 The flag history includes: 1490 1491 Rev 62 specLevel 1 errataRev 0: 15 BOOLs 1492 Rev 85 specLevel 2 errataRev 0: 19 BOOLs 1493 Added: nvLocked, readSRKPub, tpmEstablished, maintenanceDone 1494 Rev 94 specLevel 2 errataRev 1: 19 BOOLs 1495 Rev 103 specLevel 2 errataRev 2: 20 BOOLs 1496 Added: disableFullDALogicInfo 1497 */ 1498 1499 typedef struct tdTPM_PERMANENT_FLAGS { 1500 TPM_STRUCTURE_TAG tag; /* TPM_TAG_PERMANENT_FLAGS */ 1501 TPM_BOOL disable; /* disable The state of the disable flag. The default state is TRUE 1502 */ 1503 TPM_BOOL ownership; /* The ability to install an owner. The default state is TRUE. */ 1504 TPM_BOOL deactivated; /* The state of the inactive flag. The default state is TRUE. */ 1505 TPM_BOOL readPubek; /* The ability to read the PUBEK without owner authorization. The 1506 default state is TRUE. 1507 1508 set TRUE on owner clear 1509 set FALSE on take owner, disablePubekRead 1510 */ 1511 TPM_BOOL disableOwnerClear; /* Whether the owner authorized clear commands are active. The 1512 default state is FALSE. */ 1513 TPM_BOOL allowMaintenance; /* Whether the TPM Owner may create a maintenance archive. The 1514 default state is TRUE. */ 1515 TPM_BOOL physicalPresenceLifetimeLock; /* This bit can only be set to TRUE; it cannot be set to 1516 FALSE except during the manufacturing process. 1517 1518 FALSE: The state of either physicalPresenceHWEnable or 1519 physicalPresenceCMDEnable MAY be changed. (DEFAULT) 1520 1521 TRUE: The state of either physicalPresenceHWEnable or 1522 physicalPresenceCMDEnable MUST NOT be changed for the 1523 life of the TPM. */ 1524 TPM_BOOL physicalPresenceHWEnable; /* FALSE: Disable the hardware signal indicating physical 1525 presence. (DEFAULT) 1526 1527 TRUE: Enables the hardware signal indicating physical 1528 presence. */ 1529 TPM_BOOL physicalPresenceCMDEnable; /* FALSE: Disable the command indicating physical 1530 presence. (DEFAULT) 1531 1532 TRUE: Enables the command indicating physical 1533 presence. */ 1534 TPM_BOOL CEKPUsed; /* TRUE: The PRIVEK and PUBEK were created using 1535 TPM_CreateEndorsementKeyPair. 1536 1537 FALSE: The PRIVEK and PUBEK were created using a manufacturer's 1538 process. NOTE: This flag has no default value as the key pair 1539 MUST be created by one or the other mechanism. */ 1540 TPM_BOOL TPMpost; /* TRUE: After TPM_Startup, if there is a call to 1541 TPM_ContinueSelfTest the TPM MUST execute the actions of 1542 TPM_SelfTestFull 1543 1544 FALSE: After TPM_Startup, if there is a call to 1545 TPM_ContinueSelfTest the TPM MUST execute TPM_ContinueSelfTest 1546 1547 If the TPM supports the implicit invocation of 1548 TPM_ContinueSelftTest upon the use of an untested resource, the 1549 TPM MUST use the TPMPost flag to call either TPM_ContinueSelfTest 1550 or TPM_SelfTestFull 1551 1552 The TPM manufacturer sets this bit during TPM manufacturing and 1553 the bit is unchangeable after shipping the TPM 1554 1555 The default state is FALSE */ 1556 TPM_BOOL TPMpostLock; /* With the clarification of TPMPost TPMpostLock is now 1557 unnecessary. 1558 This flag is now deprecated */ 1559 TPM_BOOL FIPS; /* TRUE: This TPM operates in FIPS mode 1560 FALSE: This TPM does NOT operate in FIPS mode */ 1561 TPM_BOOL tpmOperator; /* TRUE: The operator authorization value is valid 1562 FALSE: the operator authorization value is not set */ 1563 TPM_BOOL enableRevokeEK; /* TRUE: The TPM_RevokeTrust command is active 1564 FALSE: the TPM RevokeTrust command is disabled */ 1565 TPM_BOOL nvLocked; /* TRUE: All NV area authorization checks are active 1566 FALSE: No NV area checks are performed, except for maxNVWrites. 1567 FALSE is the default value */ 1568 TPM_BOOL readSRKPub; /* TRUE: GetPubKey will return the SRK pub key 1569 FALSE: GetPubKey will not return the SRK pub key 1570 Default SHOULD be FALSE */ 1571 TPM_BOOL tpmEstablished; /* TRUE: TPM_HASH_START has been executed at some time 1572 FALSE: TPM_HASH_START has not been executed at any time 1573 Default is FALSE - resets using TPM_ResetEstablishmentBit */ 1574 TPM_BOOL maintenanceDone; /* TRUE: A maintenance archive has been created for the current 1575 SRK */ 1576 TPM_BOOL disableFullDALogicInfo; /* TRUE: The full dictionary attack TPM_GetCapability info is 1577 deactivated. The returned structure is TPM_DA_INFO_LIMITED. 1578 FALSE: The full dictionary attack TPM_GetCapability info is 1579 activated. The returned structure is TPM_DA_INFO. 1580 Default is FALSE. 1581 */ 1582 /* NOTE: Cannot add vendor specific flags here, since TPM_GetCapability() returns the serialized 1583 structure */ 1584 } TPM_PERMANENT_FLAGS; 1585 1586 /* 7.2 TPM_STCLEAR_FLAGS rev 109 1587 1588 These flags maintain state that is reset on each TPM_Startup(ST_Clear) command. The values are 1589 not affected by TPM_Startup(ST_State) commands. 1590 */ 1591 1592 typedef struct tdTPM_STCLEAR_FLAGS { 1593 TPM_STRUCTURE_TAG tag; /* TPM_TAG_STCLEAR_FLAGS */ 1594 TPM_BOOL deactivated; /* Prevents the operation of most capabilities. There is no 1595 default state. It is initialized by TPM_Startup to the 1596 same value as TPM_PERMANENT_FLAGS -> 1597 deactivated. TPM_SetTempDeactivated sets it to TRUE. */ 1598 TPM_BOOL disableForceClear; /* Prevents the operation of TPM_ForceClear when TRUE. The 1599 default state is FALSE. TPM_DisableForceClear sets it to 1600 TRUE. */ 1601 TPM_BOOL physicalPresence; /* Command assertion of physical presence. The default state 1602 is FALSE. This flag is affected by the 1603 TSC_PhysicalPresence command but not by the hardware 1604 signal. */ 1605 TPM_BOOL physicalPresenceLock; /* Indicates whether changes to the TPM_STCLEAR_FLAGS -> 1606 physicalPresence flag are permitted. 1607 TPM_Startup(ST_CLEAR) sets PhysicalPresenceLock to its 1608 default state of FALSE (allow changes to the 1609 physicalPresence flag). When TRUE, the physicalPresence 1610 flag is FALSE. TSC_PhysicalPresence can change the state 1611 of physicalPresenceLock. */ 1612 TPM_BOOL bGlobalLock; /* Set to FALSE on each TPM_Startup(ST_CLEAR). Set to TRUE 1613 when a write to NV_Index =0 is successful */ 1614 /* NOTE: Cannot add vendor specific flags here, since TPM_GetCapability() returns the serialized 1615 structure */ 1616 } TPM_STCLEAR_FLAGS; 1617 1618 #if 0 1619 1620 1621 /* 7.3 TPM_STANY_FLAGS rev 87 1622 1623 These flags reset on any TPM_Startup command. 1624 */ 1625 1626 typedef struct tdTPM_STANY_FLAGS { 1627 #ifdef TPM_USE_TAG_IN_STRUCTURE 1628 TPM_STRUCTURE_TAG tag; /* TPM_TAG_STANY_FLAGS */ 1629 #endif 1630 TPM_BOOL postInitialise; /* Prevents the operation of most capabilities. There is no default 1631 state. It is initialized by TPM_Init to TRUE. TPM_Startup sets it 1632 to FALSE. */ 1633 TPM_MODIFIER_INDICATOR localityModifier; /*This SHALL indicate for each command the presence of 1634 a locality modifier for the command. It MUST be set 1635 to NULL after the TPM executes each command. */ 1636 #if 0 1637 TPM_BOOL transportExclusive; /* Defaults to FALSE. TRUE when there is an exclusive transport 1638 session active. Execution of ANY command other than 1639 TPM_ExecuteTransport or TPM_ReleaseTransportSigned MUST 1640 invalidate the exclusive transport session. 1641 */ 1642 #endif 1643 TPM_TRANSHANDLE transportExclusive; /* Defaults to 0x00000000, Set to the handle when an 1644 exclusive transport session is active */ 1645 TPM_BOOL TOSPresent; /* Defaults to FALSE 1646 Set to TRUE on TPM_HASH_START 1647 set to FALSE using setCapability */ 1648 /* NOTE: Added kgold */ 1649 TPM_BOOL stateSaved; /* Defaults to FALSE 1650 Set to TRUE on TPM_SaveState 1651 Set to FALSE on any other ordinal 1652 1653 This is an optimization flag, so the file need not be deleted if 1654 it does not exist. 1655 */ 1656 } TPM_STANY_FLAGS; 1657 1658 /* 7.4 TPM_PERMANENT_DATA rev 105 1659 1660 This structure contains the data fields that are permanently held in the TPM and not affected by 1661 TPM_Startup(any). 1662 1663 Many of these fields contain highly confidential and privacy sensitive material. The TPM must 1664 maintain the protections around these fields. 1665 */ 1666 1667 #define TPM_MIN_COUNTERS 4 /* the minimum number of counters is 4 */ 1668 #define TPM_DELEGATE_KEY TPM_KEY 1669 #define TPM_MAX_NV_WRITE_NOOWNER 64 1670 1671 /* Although the ordinal is 32 bits, only the lower 8 bits seem to be used. So for now, define an 1672 array of 256/8 bytes for ordinalAuditStatus - kgold */ 1673 1674 #define TPM_ORDINALS_MAX 256 /* assumes a multiple of CHAR_BIT */ 1675 #define TPM_AUTHDIR_SIZE 1 /* Number of DIR registers */ 1676 1677 #ifdef TPM_VTPM 1678 1679 /* Substructure of TPM_PERMANENT_DATA for VTPM instance data 1680 1681 */ 1682 1683 typedef struct tdTPM_PERMANENT_INSTANCE_DATA { 1684 uint32_t creationMask; /* creationMask from TPM_CreateInstance */ 1685 TPM_INSTANCE_HANDLE parentHandle; /* instance handle of this instance's parent instance */ 1686 TPM_SIZED_BUFFER childHandles; /* instance handle list of this instance's children */ 1687 TPM_NONCE migrationNonce; /* Controls state import using TPM_SetInstanceData */ 1688 TPM_DIGEST migrationDigest; /* Digest of all migrated data structures */ 1689 TPM_BOOL sourceLock; /* Lock instance before export migration */ 1690 TPM_BOOL destinationLock; /* Lock instance before import migration */ 1691 1692 } TPM_PERMANENT_INSTANCE_DATA; 1693 1694 #endif /* TPM_VTPM */ 1695 1696 #ifdef TPM_VENDOR 1697 1698 /* 1699 WEC_CFG_STRUCT 1700 */ 1701 1702 /* Winbond preconfiguration */ 1703 1704 typedef struct tdTPM_WEC_CFG_STRUCT { 1705 BYTE lowBaseAddress; /* reserved - keep FFh value */ 1706 BYTE highBaseAddress; /* reserved - keep FFh value */ 1707 BYTE altCfg; /* GPIO alternate configuration */ 1708 BYTE direction; /* direction (input/output) of GPIO pins */ 1709 BYTE pullUp; /* pull-up of GPIO input pins */ 1710 BYTE pushPull; /* push-pull of open drain of GPIO output pins */ 1711 BYTE cfg_a; /* hardware physical presence, 32 khz clock */ 1712 BYTE cfg_b; /* reserved - keep FFh value */ 1713 BYTE cfg_c; /* reserved - keep FFh value */ 1714 BYTE cfg_d; /* reserved - keep FFh value */ 1715 BYTE cfg_e; /* reserved - keep FFh value */ 1716 BYTE cfg_f; /* software binding */ 1717 BYTE cfg_g; /* tplPost flagm N_FAILS and WEC_GetTpmStatus */ 1718 BYTE cfg_h; /* LpcSelfTest and FIPS flags */ 1719 BYTE cfg_i; /* reserved - keep FFh value */ 1720 BYTE cfg_j; /* reserved - keep FFh value */ 1721 } TPM_WEC_CFG_STRUCT; 1722 1723 #endif /*TPM_VENDOR */ 1724 1725 1726 typedef struct tdTPM_PERMANENT_DATA { 1727 #ifdef TPM_USE_TAG_IN_STRUCTURE 1728 TPM_STRUCTURE_TAG tag; /* TPM_TAG_PERMANENT_DATA */ 1729 #endif 1730 BYTE revMajor; /* This is the TPM major revision indicator. This SHALL be set by 1731 the TPME, only. The default value is manufacturer-specific. */ 1732 BYTE revMinor; /* This is the TPM minor revision indicator. This SHALL be set by 1733 the TPME, only. The default value is manufacturer-specific. */ 1734 TPM_SECRET tpmProof; /* This is a random number that each TPM maintains to validate blobs 1735 in the SEAL and other processes. The default value is 1736 manufacturer-specific. */ 1737 TPM_NONCE EKReset; /* Nonce held by TPM to validate TPM_RevokeTrust. This value is set 1738 as the next 20 bytes from the TPM RNG when the EK is set 1739 (was fipsReset - kgold) */ 1740 TPM_SECRET ownerAuth; /* This is the TPM-Owner's authorization data. The default value is 1741 manufacturer-specific. */ 1742 TPM_SECRET operatorAuth; /* The value that allows the execution of the SetTempDeactivated 1743 command */ 1744 TPM_DIRVALUE authDIR; /* The array of TPM Owner authorized DIR. Points to the same 1745 location as the NV index value. (kgold - was array of 1) */ 1746 #ifndef TPM_NOMAINTENANCE 1747 TPM_PUBKEY manuMaintPub; /* This is the manufacturer's public key to use in the maintenance 1748 operations. The default value is manufacturer-specific. */ 1749 #endif 1750 TPM_KEY endorsementKey; /* This is the TPM's endorsement key pair. */ 1751 TPM_KEY srk; /* This is the TPM's StorageRootKey. */ 1752 TPM_SYMMETRIC_KEY_TOKEN contextKey; /* This is the key in use to perform context saves. The key 1753 may be symmetric or asymmetric. The key size is 1754 predicated by the algorithm in use. */ 1755 TPM_SYMMETRIC_KEY_TOKEN delegateKey; /* This key encrypts delegate rows that are stored 1756 outside the TPM. */ 1757 TPM_COUNTER_VALUE auditMonotonicCounter; /* This SHALL be the audit monotonic counter for the 1758 TPM. This value starts at 0 and increments 1759 according to the rules of auditing */ 1760 TPM_COUNTER_VALUE monotonicCounter[TPM_MIN_COUNTERS]; /* This SHALL be the monotonic 1761 counters for the TPM. The 1762 individual counters start and 1763 increment according to the rules 1764 of monotonic counters. */ 1765 TPM_PCR_ATTRIBUTES pcrAttrib[TPM_NUM_PCR]; /* The attributes for all of the PCR registers 1766 supported by the TPM. */ 1767 BYTE ordinalAuditStatus[TPM_ORDINALS_MAX/CHAR_BIT]; /* Table indicating which ordinals are being 1768 audited. */ 1769 #if 0 1770 /* kgold - The xcrypto RNG is good enough that this is not needed */ 1771 BYTE* rngState; /* State information describing the random number 1772 generator. */ 1773 #endif 1774 TPM_FAMILY_TABLE familyTable; /* The family table in use for delegations */ 1775 TPM_DELEGATE_TABLE delegateTable; /* The delegate table */ 1776 uint32_t lastFamilyID; /* A value that sets the high water mark for family ID's. Set to 0 1777 during TPM manufacturing and never reset. */ 1778 uint32_t noOwnerNVWrite; /* The count of NV writes that have occurred when there is no TPM 1779 Owner. 1780 1781 This value starts at 0 in manufacturing and after each 1782 TPM_OwnerClear. If the value exceeds 64 the TPM returns 1783 TPM_MAXNVWRITES to any command attempting to manipulate the NV 1784 storage. */ 1785 TPM_CMK_DELEGATE restrictDelegate; /* The settings that allow for the delegation and 1786 use on CMK keys. Default value is false. */ 1787 TPM_DAA_TPM_SEED tpmDAASeed; /* This SHALL be a random value generated after generation 1788 of the EK. 1789 1790 tpmDAASeed does not change during TPM Owner changes. If 1791 the EK is removed (RevokeTrust) then the TPM MUST 1792 invalidate the tpmDAASeed. The owner can force a change 1793 in the value through TPM_SetCapability. 1794 1795 (linked to daaProof) */ 1796 TPM_NONCE daaProof; /* This is a random number that each TPM maintains to validate blobs 1797 in the DAA processes. The default value is manufacturer-specific. 1798 1799 The value is not changed when the owner is changed. It is 1800 changed when the EK changes. The owner can force a change in the 1801 value through TPM_SetCapability. */ 1802 unsigned char *daaBlobKey; /* This is the key in use to perform DAA encryption and decryption. 1803 The key may be symmetric or asymmetric. The key size is 1804 predicated by the algorithm in use. 1805 1806 This value MUST be changed when daaProof changes. 1807 1808 This key MUST NOT be a copy of the EK or SRK. 1809 1810 (linked to daaProof) */ 1811 /* NOTE: added kgold */ 1812 TPM_BOOL ownerInstalled; /* TRUE: The TPM has an owner installed. 1813 FALSE: The TPM has no owner installed. (default) */ 1814 BYTE tscOrdinalAuditStatus; /* extra byte to track TSC ordinals */ 1815 #ifdef TPM_VTPM /* VTPM specific ordinals */ 1816 uint32_t instanceOrdinalAuditStatus1; /* extra longs to track vendor specific ordinals */ 1817 uint32_t instanceOrdinalAuditStatus2; 1818 #endif 1819 TPM_BOOL allowLoadMaintPub; /* TRUE allows the TPM_LoadManuMaintPub command */ 1820 1821 #ifdef TPM_VTPM 1822 TPM_PERMANENT_INSTANCE_DATA instanceData; /* substructure for VTPM instance data */ 1823 #endif 1824 #ifdef TPM_VENDOR 1825 TPM_WEC_CFG_STRUCT wecPreConfig; /* Winbond preconfiguration data */ 1826 TPM_BOOL preConfigSet; /* TRUE if the structure has been set through 1827 WEC_PreConfig */ 1828 #endif 1829 } TPM_PERMANENT_DATA; 1830 1831 #define TPM_MIN_AUTH_SESSIONS 3 1832 1833 /* NOTE: Vendor specific */ 1834 1835 typedef struct tdTPM_AUTH_SESSION_DATA { 1836 /* vendor specific */ 1837 TPM_AUTHHANDLE handle; /* Handle for a session */ 1838 TPM_PROTOCOL_ID protocolID; /* TPM_PID_OIAP, TPM_PID_OSAP, TPM_PID_DSAP */ 1839 TPM_ENT_TYPE entityTypeByte; /* The type of entity in use (TPM_ET_SRK, TPM_ET_OWNER, 1840 TPM_ET_KEYHANDLE ... */ 1841 TPM_ADIP_ENC_SCHEME adipEncScheme; /* ADIP encryption scheme */ 1842 TPM_NONCE nonceEven; /* OIAP, OSAP, DSAP */ 1843 TPM_SECRET sharedSecret; /* OSAP */ 1844 TPM_DIGEST entityDigest; /* OSAP tracks which entity established the OSAP session */ 1845 TPM_DELEGATE_PUBLIC pub; /* DSAP */ 1846 TPM_BOOL valid; /* added kgold: array entry is valid */ 1847 } TPM_AUTH_SESSION_DATA; 1848 1849 #ifdef TPM_VTPM 1850 /* 3.3.2 TPM_PCR_LIST 1851 1852 TPM_PCR_LIST is a structure saved by TPM_SetupInstance and returned by TPM_GetCapability. 1853 */ 1854 1855 typedef struct tdTPM_PCR_LIST { 1856 TPM_PCRINDEX pcrIndex; /* Index to a PCR register */ 1857 TPM_DIGEST inDigest; /* The digest representing the event to be recorded. */ 1858 BYTE eventID; /* Identifier for measurements */ 1859 #if 0 1860 uint32_t nameSize; /* The size of the name area */ 1861 BYTE* name; /* Name of an initial measurement */ 1862 #endif 1863 TPM_SIZED_BUFFER name; 1864 } TPM_PCR_LIST; 1865 1866 /* TPM_PCR_LIST_TIMESTAMP 1867 1868 TPM_PCR_LIST_TIMESTAMP is a structure saved by the TPM when logging PCR extensions and returned 1869 by TPM_GetCapability. 1870 */ 1871 1872 typedef struct tdTPM_PCR_LIST_TIMESTAMP { 1873 TPM_COMMAND_CODE ordinal; /* The ordinal that altered the PCR */ 1874 TPM_PCRINDEX pcrIndex; /* Index to a PCR register */ 1875 TPM_DIGEST digest; /* The digest representing the recorded PCR Extension */ 1876 uint32_t timestamp_hi; /* time of the log entry */ 1877 uint32_t timestamp_lo; 1878 } TPM_PCR_LIST_TIMESTAMP; 1879 1880 /* TPM_PCR_LIST_TIMESTAMP_INST 1881 1882 TPM_PCR_LIST_TIMESTAMP_INST is a structure created by the TPM when notifying clients of PCR 1883 extensions. 1884 */ 1885 1886 typedef struct tdTPM_PCR_LIST_TIMESTAMP_INST { 1887 TPM_INSTANCE_HANDLE instance; /* instance handle */ 1888 TPM_COMMAND_CODE ordinal; /* The ordinal that altered the PCR */ 1889 TPM_PCRINDEX pcrIndex; /* Index to a PCR register */ 1890 TPM_DIGEST digest; /* The digest representing the recorded PCR Extensions. */ 1891 uint32_t timestamp_hi; /* time of the log entry */ 1892 uint32_t timestamp_lo; 1893 } TPM_PCR_LIST_TIMESTAMP_INST; 1894 1895 /* Added for virtual TPM support */ 1896 1897 typedef struct tdTPM_VTPM_INSTANCE { 1898 TPM_SYMMETRIC_KEY_TOKEN instanceEncKey; /* symmetric key to encrypt instance migration 1899 blobs */ 1900 TPM_SECRET instanceHmacKey; /* secret used to MAC instance migration blobs */ 1901 TPM_SIZED_BUFFER pcrList; /* PCR lists from TPM_SetupInstance */ 1902 TPM_PCR_SELECTION logPCRSelection; /* Indices of PCRs that should be saved for logging */ 1903 TPM_PCR_SELECTION subscribePCRSelection; /* Indices of PCRs that should be reported to a 1904 subscriber */ 1905 uint32_t logLengthMax; /* Upper limit on the length of the buffer (number of 1906 measurements) used for logging of measurements */ 1907 uint32_t logLength; /* number of measurements in the log */ 1908 TPM_BOOL logOverflow; /* pcrMeasurementLog has overflowed */ 1909 uint32_t subscribeSequenceNumber; /* count of measurements sent to subscriber */ 1910 } TPM_VTPM_INSTANCE; 1911 1912 #endif /* TPM_VTPM */ 1913 1914 /* 3. contextList MUST support a minimum of 16 entries, it MAY support more. */ 1915 #define TPM_MIN_SESSION_LIST 16 1916 1917 /* 7.5 TPM_STCLEAR_DATA rev 101 1918 1919 This is an informative structure and not normative. It is purely for convenience of writing the 1920 spec. 1921 1922 Most of the data in this structure resets on TPM_Startup(ST_Clear). A TPM may implement rules 1923 that provide longer-term persistence for the data. The TPM reflects how it handles the data in 1924 various TPM_GetCapability fields including startup effects. 1925 */ 1926 1927 typedef struct tdTPM_STCLEAR_DATA { 1928 #ifdef TPM_USE_TAG_IN_STRUCTURE 1929 TPM_STRUCTURE_TAG tag; /* TPM_TAG_STCLEAR_DATA */ 1930 #endif 1931 TPM_NONCE contextNonceKey; /* This is the nonce in use to properly identify saved key context 1932 blobs This SHALL be set to all zeros on each TPM_Startup 1933 (ST_Clear). 1934 */ 1935 TPM_COUNT_ID countID; /* This is the handle for the current monotonic counter. This SHALL 1936 be set to zero on each TPM_Startup(ST_Clear). */ 1937 uint32_t ownerReference; /* Points to where to obtain the owner secret in OIAP and OSAP 1938 commands. This allows a TSS to manage 1.1 applications on a 1.2 1939 TPM where delegation is in operation. */ 1940 TPM_BOOL disableResetLock; /* Disables TPM_ResetLockValue upon authorization failure. 1941 The value remains TRUE for the timeout period. 1942 1943 Default is FALSE. 1944 1945 The value is in the STCLEAR_DATA structure as the 1946 implementation of this flag is TPM vendor specific. */ 1947 TPM_PCRVALUE PCRS[TPM_NUM_PCR]; /* Platform configuration registers */ 1948 #if (TPM_REVISION >= 103) /* added for rev 103 */ 1949 uint32_t deferredPhysicalPresence; /* The value can save the assertion of physicalPresence. 1950 Individual bits indicate to its ordinal that 1951 physicalPresence was previously asserted when the 1952 software state is such that it can no longer be asserted. 1953 Set to zero on each TPM_Startup(ST_Clear). */ 1954 #endif 1955 /* NOTE: Added for dictionary attack mitigation */ 1956 uint32_t authFailCount; /* number of authorization failures without a TPM_ResetLockValue */ 1957 uint32_t authFailTime; /* time of threshold failure in seconds */ 1958 /* NOTE: Moved from TPM_STANY_DATA. Saving this state is optional. This implementation 1959 does. */ 1960 TPM_AUTH_SESSION_DATA authSessions[TPM_MIN_AUTH_SESSIONS]; /* List of current 1961 sessions. Sessions can be OSAP, 1962 OIAP, DSAP and Transport */ 1963 /* NOTE: Added for transport */ 1964 TPM_TRANSPORT_INTERNAL transSessions[TPM_MIN_TRANS_SESSIONS]; 1965 /* 22.7 TPM_STANY_DATA Additions (for DAA) - moved to TPM_STCLEAR_DATA for startup state */ 1966 TPM_DAA_SESSION_DATA daaSessions[TPM_MIN_DAA_SESSIONS]; 1967 /* 1. The group of contextNonceSession, contextCount, contextList MUST reset at the same 1968 time. */ 1969 TPM_NONCE contextNonceSession; /* This is the nonce in use to properly identify saved 1970 session context blobs. This MUST be set to all zeros on 1971 each TPM_Startup (ST_Clear). The nonce MAY be set to 1972 null on TPM_Startup( any). */ 1973 uint32_t contextCount; /* This is the counter to avoid session context blob replay 1974 attacks. This MUST be set to 0 on each TPM_Startup 1975 (ST_Clear). The value MAY be set to 0 on TPM_Startup 1976 (any). */ 1977 uint32_t contextList[TPM_MIN_SESSION_LIST]; /* This is the list of outstanding session blobs. 1978 All elements of this array MUST be set to 0 on 1979 each TPM_Startup (ST_Clear). The values MAY be 1980 set to 0 on TPM_Startup (any). */ 1981 /* NOTE Added auditDigest effect, saved with ST_STATE */ 1982 TPM_DIGEST auditDigest; /* This is the extended value that is the audit log. This 1983 SHALL be set to all zeros at the start of each audit 1984 session. */ 1985 /* NOTE Storage for the ordinal response */ 1986 TPM_STORE_BUFFER ordinalResponse; /* outgoing response buffer for this ordinal */ 1987 uint32_t responseCount; /* increments after each response */ 1988 } TPM_STCLEAR_DATA; 1989 1990 /* 7.6 TPM_STANY_DATA rev 87 1991 1992 This is an informative structure and not normative. It is purely for convenience of writing the 1993 spec. 1994 1995 Most of the data in this structure resets on TPM_Startup(ST_State). A TPM may implement rules 1996 that provide longer-term persistence for the data. The TPM reflects how it handles the data in 1997 various getcapability fields including startup effects. 1998 */ 1999 2000 typedef struct tdTPM_STANY_DATA { 2001 #ifdef TPM_USE_TAG_IN_STRUCTURE 2002 TPM_STRUCTURE_TAG tag; /* TPM_TAG_STANY_DATA */ 2003 #endif 2004 TPM_CURRENT_TICKS currentTicks; /* This is the current tick counter. This is reset to 0 2005 according to the rules when the TPM can tick. See the 2006 section on the tick counter for details. */ 2007 } TPM_STANY_DATA; 2008 2009 /* 11. Signed Structures */ 2010 2011 /* 11.1 TPM_CERTIFY_INFO rev 101 2012 2013 When the TPM certifies a key, it must provide a signature with a TPM identity key on information 2014 that describes that key. This structure provides the mechanism to do so. 2015 2016 Key usage and keyFlags must have their upper byte set to zero to avoid collisions with the other 2017 signature headers. 2018 */ 2019 2020 typedef struct tdTPM_CERTIFY_INFO { 2021 TPM_STRUCT_VER version; /* This MUST be 1.1.0.0 */ 2022 TPM_KEY_USAGE keyUsage; /* This SHALL be the same value that would be set in a 2023 TPM_KEY representation of the key to be certified. The 2024 upper byte MUST be zero */ 2025 TPM_KEY_FLAGS keyFlags; /* This SHALL be set to the same value as the corresponding 2026 parameter in the TPM_KEY structure that describes the 2027 public key that is being certified. The upper byte MUST 2028 be zero */ 2029 TPM_AUTH_DATA_USAGE authDataUsage; /* This SHALL be the same value that would be set in a 2030 TPM_KEY representation of the key to be certified */ 2031 TPM_KEY_PARMS algorithmParms; /* This SHALL be the same value that would be set in a 2032 TPM_KEY representation of the key to be certified */ 2033 TPM_DIGEST pubkeyDigest; /* This SHALL be a digest of the value TPM_KEY -> pubKey -> 2034 key in a TPM_KEY representation of the key to be 2035 certified */ 2036 TPM_NONCE data; /* This SHALL be externally provided data. */ 2037 TPM_BOOL parentPCRStatus; /* This SHALL indicate if any parent key was wrapped to a 2038 PCR */ 2039 TPM_SIZED_BUFFER pcrInfo; /* */ 2040 #if 0 2041 uint32_t PCRInfoSize; /* This SHALL be the size of the pcrInfo parameter. A value 2042 of zero indicates that the key is not wrapped to a PCR */ 2043 BYTE* PCRInfo; /* This SHALL be the TPM_PCR_INFO structure. */ 2044 #endif 2045 /* NOTE: kgold - Added this structure, a cache of PCRInfo when not NULL */ 2046 TPM_PCR_INFO *tpm_pcr_info; 2047 } TPM_CERTIFY_INFO; 2048 2049 /* 11.2 TPM_CERTIFY_INFO2 rev 101 2050 2051 When the TPM certifies a key, it must provide a signature with a TPM identity key on information 2052 that describes that key. This structure provides the mechanism to do so. 2053 2054 Key usage and keyFlags must have their upper byte set to zero to avoid collisions with the other 2055 signature headers. 2056 */ 2057 2058 typedef struct tdTPM_CERTIFY_INFO2 { 2059 #ifdef TPM_USE_TAG_IN_STRUCTURE 2060 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_CERTIFY_INFO2 */ 2061 #endif 2062 BYTE fill; /* MUST be 0x00 */ 2063 TPM_PAYLOAD_TYPE payloadType; /* This SHALL be the same value that would be set in a 2064 TPM_KEY representation of the key to be certified */ 2065 TPM_KEY_USAGE keyUsage; /* This SHALL be the same value that would be set in a 2066 TPM_KEY representation of the key to be certified. The 2067 upper byte MUST be zero */ 2068 TPM_KEY_FLAGS keyFlags; /* This SHALL be set to the same value as the corresponding 2069 parameter in the TPM_KEY structure that describes the 2070 public key that is being certified. The upper byte MUST 2071 be zero. */ 2072 TPM_AUTH_DATA_USAGE authDataUsage; /* This SHALL be the same value that would be set in a 2073 TPM_KEY representation of the key to be certified */ 2074 TPM_KEY_PARMS algorithmParms; /* This SHALL be the same value that would be set in a 2075 TPM_KEY representation of the key to be certified */ 2076 TPM_DIGEST pubkeyDigest; /* This SHALL be a digest of the value TPM_KEY -> pubKey -> 2077 key in a TPM_KEY representation of the key to be 2078 certified */ 2079 TPM_NONCE data; /* This SHALL be externally provided data. */ 2080 TPM_BOOL parentPCRStatus; /* This SHALL indicate if any parent key was wrapped to a 2081 PCR */ 2082 #if 0 2083 uint32_t PCRInfoSize; /* This SHALL be the size of the pcrInfo parameter. A value 2084 of zero indicates that the key is not wrapped to a PCR */ 2085 BYTE* PCRInfo; /* This SHALL be the TPM_PCR_INFO_SHORT structure. */ 2086 #endif 2087 TPM_SIZED_BUFFER pcrInfo; 2088 #if 0 2089 uint32_t migrationAuthoritySize; /* This SHALL be the size of migrationAuthority */ 2090 BYTE *migrationAuthority; /* If the key to be certified has [payload == 2091 TPM_PT_MIGRATE_RESTRICTED or payload 2092 ==TPM_PT_MIGRATE_EXTERNAL], migrationAuthority is the 2093 digest of the TPM_MSA_COMPOSITE and has TYPE == 2094 TPM_DIGEST. Otherwise it is NULL. */ 2095 #endif 2096 TPM_SIZED_BUFFER migrationAuthority; 2097 /* NOTE: kgold - Added this structure, a cache of PCRInfo when not NULL */ 2098 TPM_PCR_INFO_SHORT *tpm_pcr_info_short; 2099 } TPM_CERTIFY_INFO2; 2100 2101 /* 11.3 TPM_QUOTE_INFO rev 87 2102 2103 This structure provides the mechanism for the TPM to quote the current values of a list of PCRs. 2104 */ 2105 2106 typedef struct tdTPM_QUOTE_INFO { 2107 TPM_STRUCT_VER version; /* This MUST be 1.1.0.0 */ 2108 BYTE fixed[4]; /* This SHALL always be the string 'QUOT' */ 2109 TPM_COMPOSITE_HASH digestValue; /* This SHALL be the result of the composite hash algorithm 2110 using the current values of the requested PCR indices. */ 2111 TPM_NONCE externalData; /* 160 bits of externally supplied data */ 2112 } TPM_QUOTE_INFO; 2113 2114 #endif 2115 2116 /* 11.4 TPM_QUOTE_INFO2 rev 87 2117 2118 This structure provides the mechanism for the TPM to quote the current values of a list of PCRs. 2119 */ 2120 2121 typedef struct tdTPM_QUOTE_INFO2 { 2122 TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_QUOTE_INFO2 */ 2123 BYTE fixed[4]; /* This SHALL always be the string 'QUT2' */ 2124 TPM_NONCE externalData; /* 160 bits of externally supplied data */ 2125 TPM_PCR_INFO_SHORT infoShort; /* */ 2126 } TPM_QUOTE_INFO2; 2127 2128 /* 12.1 TPM_EK_BLOB rev 87 2129 2130 This structure provides a wrapper to each type of structure that will be in use when the 2131 endorsement key is in use. 2132 */ 2133 2134 typedef struct tdTPM_EK_BLOB { 2135 TPM_STRUCTURE_TAG tag; /* TPM_TAG_EK_BLOB */ 2136 TPM_EK_TYPE ekType; /* This SHALL be set to reflect the type of blob in use */ 2137 uint32_t blobSize; /* The size of the blob field */ 2138 BYTE blob[MAX_COMMAND_SIZE]; /* The blob of information depending on the type */ 2139 } TPM_EK_BLOB; 2140 2141 /* 12.2 TPM_EK_BLOB_ACTIVATE rev 87 2142 2143 This structure contains the symmetric key to encrypt the identity credential. This structure 2144 always is contained in a TPM_EK_BLOB. 2145 */ 2146 2147 typedef struct tdTPM_EK_BLOB_ACTIVATE { 2148 TPM_STRUCTURE_TAG tag; /* TPM_TAG_EK_BLOB_ACTIVATE */ 2149 TPM_SYMMETRIC_KEY sessionKey; /* This SHALL be the session key used by the CA to encrypt 2150 the TPM_IDENTITY_CREDENTIAL */ 2151 TPM_DIGEST idDigest; /* This SHALL be the digest of the TPM identity public key 2152 that is being certified by the CA */ 2153 TPM_PCR_INFO_SHORT pcrInfo; /* This SHALL indicate the PCR's and localities */ 2154 } TPM_EK_BLOB_ACTIVATE; 2155 2156 #if 0 2157 2158 /* 12.3 TPM_EK_BLOB_AUTH rev 87 2159 2160 This structure contains the symmetric key to encrypt the identity credential. This structure 2161 always is contained in a TPM_EK_BLOB. 2162 */ 2163 2164 typedef struct tdTPM_EK_BLOB_AUTH { 2165 #ifdef TPM_USE_TAG_IN_STRUCTURE 2166 TPM_STRUCTURE_TAG tag; /* TPM_TAG_EK_BLOB_AUTH */ 2167 #endif 2168 TPM_SECRET authValue; /* This SHALL be the authorization value */ 2169 } TPM_EK_BLOB_AUTH; 2170 2171 /* 12.5 TPM_IDENTITY_CONTENTS rev 87 2172 2173 TPM_MakeIdentity uses this structure and the signature of this structure goes to a privacy CA 2174 during the certification process. 2175 */ 2176 2177 typedef struct tdTPM_IDENTITY_CONTENTS { 2178 TPM_STRUCT_VER ver; /* This MUST be 1.1.0.0 */ 2179 uint32_t ordinal; /* This SHALL be the ordinal of the TPM_MakeIdentity 2180 command. */ 2181 TPM_CHOSENID_HASH labelPrivCADigest; /* This SHALL be the result of hashing the chosen 2182 identityLabel and privacyCA for the new TPM 2183 identity */ 2184 TPM_PUBKEY identityPubKey; /* This SHALL be the public key structure of the identity 2185 key */ 2186 } TPM_IDENTITY_CONTENTS; 2187 2188 /* 12.8 TPM_ASYM_CA_CONTENTS rev 87 2189 2190 This structure contains the symmetric key to encrypt the identity credential. 2191 */ 2192 2193 typedef struct tdTPM_ASYM_CA_CONTENTS { 2194 TPM_SYMMETRIC_KEY sessionKey; /* This SHALL be the session key used by the CA to encrypt 2195 the TPM_IDENTITY_CREDENTIAL */ 2196 TPM_DIGEST idDigest; /* This SHALL be the digest of the TPM_PUBKEY of the key 2197 that is being certified by the CA */ 2198 } TPM_ASYM_CA_CONTENTS; 2199 2200 /* 2201 14. Audit Structures 2202 */ 2203 2204 /* 14.1 TPM_AUDIT_EVENT_IN rev 87 2205 2206 This structure provides the auditing of the command upon receipt of the command. It provides the 2207 information regarding the input parameters. 2208 */ 2209 2210 typedef struct tdTPM_AUDIT_EVENT_IN { 2211 #ifdef TPM_USE_TAG_IN_STRUCTURE 2212 TPM_STRUCTURE_TAG tag; /* TPM_TAG_AUDIT_EVENT_IN */ 2213 #endif 2214 TPM_DIGEST inputParms; /* Digest value according to the HMAC digest rules of the 2215 "above the line" parameters (i.e. the first HMAC digest 2216 calculation). When there are no HMAC rules, the input 2217 digest includes all parameters including and after the 2218 ordinal. */ 2219 TPM_COUNTER_VALUE auditCount; /* The current value of the audit monotonic counter */ 2220 } TPM_AUDIT_EVENT_IN; 2221 2222 /* 14.2 TPM_AUDIT_EVENT_OUT rev 87 2223 2224 This structure reports the results of the command execution. It includes the return code and the 2225 output parameters. 2226 */ 2227 2228 typedef struct tdTPM_AUDIT_EVENT_OUT { 2229 #ifdef TPM_USE_TAG_IN_STRUCTURE 2230 TPM_STRUCTURE_TAG tag; /* TPM_TAG_AUDIT_EVENT_OUT */ 2231 #endif 2232 TPM_DIGEST outputParms; /* Digest value according to the HMAC digest rules of the 2233 "above the line" parameters (i.e. the first HMAC digest 2234 calculation). When there are no HMAC rules, the output 2235 digest includes the return code, the ordinal, and all 2236 parameters after the return code. */ 2237 TPM_COUNTER_VALUE auditCount; /* The current value of the audit monotonic counter */ 2238 } TPM_AUDIT_EVENT_OUT; 2239 2240 /* 2241 18. Context structures 2242 */ 2243 2244 /* 18.1 TPM_CONTEXT_BLOB rev 102 2245 2246 This is the header for the wrapped context. The blob contains all information necessary to reload 2247 the context back into the TPM. 2248 2249 The additional data is used by the TPM manufacturer to save information that will assist in the 2250 reloading of the context. This area must not contain any shielded data. For instance, the field 2251 could contain some size information that allows the TPM more efficient loads of the context. The 2252 additional area could not contain one of the primes for a RSA key. 2253 2254 To ensure integrity of the blob when using symmetric encryption the TPM vendor could use some 2255 valid cipher chaining mechanism. To ensure the integrity without depending on correct 2256 implementation, the TPM_CONTEXT_BLOB structure uses a HMAC of the entire structure using tpmProof 2257 as the secret value. 2258 2259 Since both additionalData and sensitiveData are informative, any or all of additionalData 2260 could be moved to sensitiveData. 2261 */ 2262 2263 #define TPM_CONTEXT_LABEL_SIZE 16 2264 2265 typedef struct tdTPM_CONTEXT_BLOB { 2266 #ifdef TPM_USE_TAG_IN_STRUCTURE 2267 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_CONTEXTBLOB */ 2268 #endif 2269 TPM_RESOURCE_TYPE resourceType; /* The resource type */ 2270 TPM_HANDLE handle; /* Previous handle of the resource */ 2271 BYTE label[TPM_CONTEXT_LABEL_SIZE]; /* Label for identification of the blob. Free format 2272 area. */ 2273 uint32_t contextCount; /* MUST be TPM_STANY_DATA -> contextCount when creating the 2274 structure. This value is ignored for context blobs that 2275 reference a key. */ 2276 TPM_DIGEST integrityDigest; /* The integrity of the entire blob including the sensitive 2277 area. This is a HMAC calculation with the entire 2278 structure (including sensitiveData) being the hash and 2279 tpmProof is the secret */ 2280 #if 0 2281 uint32_t additionalSize; 2282 [size_is(additionalSize)] BYTE* additionalData; 2283 uint32_t sensitiveSize; 2284 [size_is(sensitiveSize)] BYTE* sensitiveData; 2285 #endif 2286 TPM_SIZED_BUFFER additionalData; /* Additional information set by the TPM that helps define 2287 and reload the context. The information held in this area 2288 MUST NOT expose any information held in shielded 2289 locations. This should include any IV for symmetric 2290 encryption */ 2291 TPM_SIZED_BUFFER sensitiveData; /* The normal information for the resource that can be 2292 exported */ 2293 } TPM_CONTEXT_BLOB; 2294 2295 /* 18.2 TPM_CONTEXT_SENSITIVE rev 87 2296 2297 The internal areas that the TPM needs to encrypt and store off the TPM. 2298 2299 This is an informative structure and the TPM can implement in any manner they wish. 2300 */ 2301 2302 typedef struct tdTPM_CONTEXT_SENSITIVE { 2303 #ifdef TPM_USE_TAG_IN_STRUCTURE 2304 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_CONTEXT_SENSITIVE */ 2305 #endif 2306 TPM_NONCE contextNonce; /* On context blobs other than keys this MUST be 2307 TPM_STANY_DATA - > contextNonceSession For keys the value 2308 is TPM_STCLEAR_DATA -> contextNonceKey */ 2309 #if 0 2310 uint32_t internalSize; 2311 [size_is(internalSize)] BYTE* internalData; 2312 #endif 2313 TPM_SIZED_BUFFER internalData; /* The internal data area */ 2314 } TPM_CONTEXT_SENSITIVE; 2315 2316 #endif 2317 2318 /* 19.2 TPM_NV_ATTRIBUTES rev 99 2319 2320 This structure allows the TPM to keep track of the data and permissions to manipulate the area. 2321 */ 2322 2323 typedef struct tdTPM_NV_ATTRIBUTES { 2324 TPM_STRUCTURE_TAG tag; /* TPM_TAG_NV_ATTRIBUTES */ 2325 uint32_t attributes; /* The attribute area */ 2326 } TPM_NV_ATTRIBUTES; 2327 2328 /* 19.3 TPM_NV_DATA_PUBLIC rev 110 2329 2330 This structure represents the public description and controls on the NV area. 2331 2332 bReadSTClear and bWriteSTClear are volatile, in that they are set FALSE at TPM_Startup(ST_Clear). 2333 bWriteDefine is persistent, in that it remains TRUE through startup. 2334 2335 A pcrSelect of 0 indicates that the digestAsRelease is not checked. In this case, the TPM is not 2336 required to consume NVRAM space to store the digest, although it may do so. When 2337 TPM_GetCapability (TPM_CAP_NV_INDEX) returns the structure, a TPM that does not store the digest 2338 can return zero. A TPM that does store the digest may return either the digest or zero. 2339 */ 2340 2341 typedef struct tdTPM_NV_DATA_PUBLIC { 2342 TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_NV_DATA_PUBLIC */ 2343 TPM12_NV_INDEX nvIndex; /* The index of the data area */ 2344 TPM_PCR_INFO_SHORT pcrInfoRead; /* The PCR selection that allows reading of the area */ 2345 TPM_PCR_INFO_SHORT pcrInfoWrite; /* The PCR selection that allows writing of the area */ 2346 TPM_NV_ATTRIBUTES permission; /* The permissions for manipulating the area */ 2347 TPM_BOOL bReadSTClear; /* Set to FALSE on each TPM_Startup(ST_Clear) and set to 2348 TRUE after a ReadValuexxx with datasize of 0 */ 2349 TPM_BOOL bWriteSTClear; /* Set to FALSE on each TPM_Startup(ST_CLEAR) and set to 2350 TRUE after a WriteValuexxx with a datasize of 0. */ 2351 TPM_BOOL bWriteDefine; /* Set to FALSE after TPM_NV_DefineSpace and set to TRUE 2352 after a successful WriteValuexxx with a datasize of 0 */ 2353 uint32_t dataSize; /* The size of the data area in bytes */ 2354 } TPM_NV_DATA_PUBLIC; 2355 2356 #if 0 2357 2358 /* 19.4 TPM_NV_DATA_SENSITIVE rev 101 2359 2360 This is an internal structure that the TPM uses to keep the actual NV data and the controls 2361 regarding the area. 2362 */ 2363 2364 typedef struct tdTPM_NV_DATA_SENSITIVE { 2365 #ifdef TPM_USE_TAG_IN_STRUCTURE 2366 TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_NV_DATA_SENSITIVE */ 2367 #endif 2368 TPM_NV_DATA_PUBLIC pubInfo; /* The public information regarding this area */ 2369 TPM_AUTHDATA authValue; /* The authorization value to manipulate the value */ 2370 BYTE *data; /* The data area. This MUST not contain any sensitive information as 2371 the TPM does not provide any confidentiality on the data. */ 2372 /* NOTE Added kg */ 2373 TPM_DIGEST digest; /* for OSAP comparison */ 2374 } TPM_NV_DATA_SENSITIVE; 2375 2376 typedef struct tdTPM_NV_INDEX_ENTRIES { 2377 uint32_t nvIndexCount; /* number of entries */ 2378 TPM_NV_DATA_SENSITIVE *tpm_nvindex_entry; /* array of TPM_NV_DATA_SENSITIVE */ 2379 } TPM_NV_INDEX_ENTRIES; 2380 2381 /* TPM_NV_DATA_ST 2382 2383 This is a cache of the the NV defined space volatile flags, used during error rollback 2384 */ 2385 2386 typedef struct tdTPM_NV_DATA_ST { 2387 TPM12_NV_INDEX nvIndex; /* The index of the data area */ 2388 TPM_BOOL bReadSTClear; 2389 TPM_BOOL bWriteSTClear; 2390 } TPM_NV_DATA_ST; 2391 2392 #endif 2393 2394 /* 2395 21. Capability areas 2396 */ 2397 2398 /* 21.6 TPM_CAP_VERSION_INFO rev 99 2399 2400 This structure is an output from a TPM_GetCapability -> TPM_CAP_VERSION_VAL request. TPM returns 2401 the current version and revision of the TPM. 2402 2403 The specLevel and errataRev are defined in the document "Specification and File Naming 2404 Conventions" 2405 2406 The tpmVendorID is a value unique to each vendor. It is defined in the document "TCG Vendor 2407 Naming". 2408 2409 The vendor specific area allows the TPM vendor to provide support for vendor options. The TPM 2410 vendor may define the area to the TPM vendor's needs. 2411 */ 2412 2413 typedef struct tdTPM_CAP_VERSION_INFO { 2414 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_CAP_VERSION_INFO */ 2415 TPM_VERSION version; /* The version and revision */ 2416 uint16_t specLevel; /* A number indicating the level of ordinals supported */ 2417 BYTE errataRev; /* A number indicating the errata version of the specification */ 2418 BYTE tpmVendorID[4]; /* The vendor ID unique to each TPM manufacturer. */ 2419 uint16_t vendorSpecificSize; /* The size of the vendor specific area */ 2420 BYTE vendorSpecific[MAX_COMMAND_SIZE]; /* Vendor specific information */ 2421 } TPM_CAP_VERSION_INFO; 2422 2423 /* 21.10 TPM_DA_ACTION_TYPE rev 100 2424 2425 This structure indicates the action taken when the dictionary attack mitigation logic is active, 2426 when TPM_DA_STATE is TPM_DA_STATE_ACTIVE. 2427 */ 2428 2429 typedef struct tdTPM_DA_ACTION_TYPE { 2430 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DA_ACTION_TYPE */ 2431 uint32_t actions; /* The action taken when TPM_DA_STATE is TPM_DA_STATE_ACTIVE. */ 2432 } TPM_DA_ACTION_TYPE; 2433 2434 /* 21.7 TPM_DA_INFO rev 100 2435 2436 This structure is an output from a TPM_GetCapability -> TPM_CAP_DA_LOGIC request if 2437 TPM_PERMANENT_FLAGS -> disableFullDALogicInfo is FALSE. 2438 2439 It returns static information describing the TPM response to authorization failures that might 2440 indicate a dictionary attack and dynamic information regarding the current state of the 2441 dictionary attack mitigation logic. 2442 */ 2443 2444 typedef struct tdTPM_DA_INFO { 2445 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DA_INFO */ 2446 TPM_DA_STATE state; /* Dynamic. The actual state of the dictionary attack mitigation 2447 logic. See 21.9. */ 2448 uint16_t currentCount; /* Dynamic. The actual count of the authorization failure counter 2449 for the selected entity type */ 2450 uint16_t thresholdCount; /* Static. Dictionary attack mitigation threshold count for the 2451 selected entity type */ 2452 TPM_DA_ACTION_TYPE actionAtThreshold; /* Static Action of the TPM when currentCount passes 2453 thresholdCount. See 21.10. */ 2454 uint32_t actionDependValue; /* Dynamic. Action being taken when the dictionary attack 2455 mitigation logic is active. E.g., when actionAtThreshold is 2456 TPM_DA_ACTION_TIMEOUT, this is the lockout time remaining in 2457 seconds. */ 2458 uint32_t vendorDataSize; 2459 uint8_t vendorData[2048]; /* Vendor specific data field */ 2460 } TPM_DA_INFO; 2461 2462 /* 21.8 TPM_DA_INFO_LIMITED rev 100 2463 2464 This structure is an output from a TPM_GetCapability -> TPM_CAP_DA_LOGIC request if 2465 TPM_PERMANENT_FLAGS -> disableFullDALogicInfo is TRUE. 2466 2467 It returns static information describing the TPM response to authorization failures that might 2468 indicate a dictionary attack and dynamic information regarding the current state of the 2469 dictionary attack mitigation logic. This structure omits information that might aid an attacker. 2470 */ 2471 2472 typedef struct tdTPM_DA_INFO_LIMITED { 2473 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DA_INFO_LIMITED */ 2474 TPM_DA_STATE state; /* Dynamic. The actual state of the dictionary attack mitigation 2475 logic. See 21.9. */ 2476 TPM_DA_ACTION_TYPE actionAtThreshold; /* Static Action of the TPM when currentCount passes 2477 thresholdCount. See 21.10. */ 2478 uint32_t vendorDataSize; 2479 uint8_t vendorData[2048]; /* Vendor specific data field */ 2480 } TPM_DA_INFO_LIMITED; 2481 2482 #endif 2483