Google Git
Sign in
chromium / chromiumos / third_party / tpm-emulator / refs/heads/factory-veyron-7505.B / . / mtm / mtm_structures.h
blob: 33b9dcbf14823100e64318e1cae4f2d939b2635e [file] [log] [blame]
/* Software-based Mobile Trusted Module (MTM) Emulator
* Copyright (C) 2004-2010 Mario Strasser <mast@gmx.net>
*
* This module is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published
* by the Free Software Foundation; either version 2 of the License,
* or (at your option) any later version.
*
* This module is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* $Id$
*/
#ifndef _MTM_STRUCTURES_H_
#define _MTM_STRUCTURES_H_
#include "tpm/tpm_structures.h"
#include "crypto/sha1.h"
/*
* Ordinals
* The command ordinals provide the index value for each command.
*/
#define MTM_ORD_InstallRIM (66 + TPM_PROTECTED_COMMAND)
#define MTM_ORD_LoadVerificationKey (67 + TPM_PROTECTED_COMMAND)
#define MTM_ORD_LoadVerificationRootKeyDisable (68 + TPM_PROTECTED_COMMAND)
#define MTM_ORD_VerifyRIMCert (69 + TPM_PROTECTED_COMMAND)
#define MTM_ORD_VerifyRIMCertAndExtend (72 + TPM_PROTECTED_COMMAND)
#define MTM_ORD_IncrementBootstrapCounter (73 + TPM_PROTECTED_COMMAND)
#define MTM_ORD_SetVerifiedPCRSelection (74 + TPM_PROTECTED_COMMAND)
/*
* TPM_CAPABILITY_AREA Values for TPM_GetCapability
*/
#define TPM_CAP_MTM_PERMANENT_DATA 0x0000000A
/*
* MTM_COUNTER_REFERENCE ([MTM], Section 5.1)
* MTM counter reference structure
*/
#define MTM_COUNTER_SELECT_NONE 0
#define MTM_COUNTER_SELECT_BOOTSTRAP 1
#define MTM_COUNTER_SELECT_RIMPROTECT 2
#define MTM_COUNTER_SELECT_STORAGEPROTECT 3
#define MTM_COUNTER_SELECT_MAX 3
typedef struct MTM_COUNTER_REFERENCE_STRUCT {
BYTE counterSelection;
TPM_ACTUAL_COUNT counterValue;
} MTM_COUNTER_REFERENCE;
#define sizeof_MTM_COUNTER_REFERENCE(s) (1 + 4)
/*
* TPM_VERIFICATION_KEY_ID ([MTM], Section 5.3)
*/
typedef UINT32 TPM_VERIFICATION_KEY_ID;
#define TPM_VERIFICATION_KEY_ID_NONE 0xFFFFFFFF
#define TPM_VERIFICATION_KEY_ID_INTERNAL 0xFFFFFFFE
/*
* TPM_VERIFICATION_KEY_USAGE ([MTM], Section 5.3)
*/
#define TPM_VERIFICATION_KEY_USAGE_MTM_MASK 0x00ff
#define TPM_VERIFICATION_KEY_USAGE_AGENT_MASK 0x0f00
#define TPM_VERIFICATION_KEY_USAGE_VENDOR_MASK 0xf000
#define TPM_VERIFICATION_KEY_USAGE_SIGN_RIMCERT 0x0001
#define TPM_VERIFICATION_KEY_USAGE_SIGN_RIMAUTH 0x0002
#define TPM_VERIFICATION_KEY_USAGE_INCREMENT_BOOTSTRAP 0x0004
/*
* TPM_VERIFICATION_KEY_HANDLE ([MTM], Section 5.3)
* Handle used to refer to TPM_VERIFICATION_KEY structures
*/
typedef UINT32 TPM_VERIFICATION_KEY_HANDLE;
/*
* TPM_VERIFICATION_KEY ([MTM], Section 5.3)
* The TPM_VERIFICATION_KEY structure is used for representing keys in
* the authorization hierarchy used to authorize RIM_Certs for a MTM.
*/
#define TPM_TAG_VERIFICATION_KEY 0x0301
typedef struct TPM_VERIFICATION_KEY_STRUCT {
TPM_STRUCTURE_TAG tag;
UINT16 usageFlags;
TPM_VERIFICATION_KEY_ID parentId;
TPM_VERIFICATION_KEY_ID myId;
MTM_COUNTER_REFERENCE referenceCounter;
TPM_ALGORITHM_ID keyAlgorithm;
TPM_SIG_SCHEME keyScheme;
BYTE extensionDigestSize;
BYTE* extensionDigestData;
UINT32 keySize;
BYTE* keyData;
UINT32 integrityCheckSize;
BYTE* integrityCheckData;
} TPM_VERIFICATION_KEY;
#define sizeof_TPM_VERIFICATION_KEY(s) (2 + 2 + 4 + 4 \
+ sizeof_MTM_COUNTER_REFERENCE(s.referenceCounter) + 4 + 2 + 1 \
+ s.extensionDigestSize + 4 + s.keySize + 4 + s.integrityCheckSize)
#define free_TPM_VERIFICATION_KEY(s) { \
if (s.extensionDigestSize > 0) tpm_free(s.extensionDigestData); \
if (s.keySize > 0) tpm_free(s.keyData); \
if (s.integrityCheckSize > 0) tpm_free(s.integrityCheckData); }
/*
* TPM_RIM_CERTIFICATE ([MTM], Section 5.2)
* A RIM Certificate is a structure authorizing a measurement value
* that is extended using MTM_VerifyRIMCertAndExtend into a PCR
* defined in the RIM Certificate.
*/
#define TPM_TAG_RIM_CERTIFICATE 0x0302
typedef struct TPM_RIM_CERTIFICATE_STRUCT {
TPM_STRUCTURE_TAG tag;
BYTE label[8];
UINT32 rimVersion;
MTM_COUNTER_REFERENCE referenceCounter;
TPM_PCR_INFO_SHORT state;
UINT32 measurementPcrIndex;
TPM_PCRVALUE measurementValue;
TPM_VERIFICATION_KEY_ID parentId;
BYTE extensionDigestSize;
BYTE *extensionDigestData;
UINT32 integrityCheckSize;
BYTE *integrityCheckData;
} TPM_RIM_CERTIFICATE;
#define sizeof_TPM_RIM_CERTIFICATE(s) (2 + 8 + 4 \
+ sizeof_MTM_COUNTER_REFERENCE(s.referenceCounter) \
+ sizeof_TPM_PCR_INFO_SHORT(s.state) \
+ 4 + 20 + 4 + 1 + s.extensionDigestSize \
+ 4 + s.integrityCheckSize)
#define free_TPM_RIM_CERTIFICATE(s) { \
if (s.extensionDigestSize > 0) tpm_free(s.extensionDigestData); \
if (s.integrityCheckSize > 0) tpm_free(s.integrityCheckData); }
/*
* TPM_VERIFICATION_KEY_LOAD_METHODS ([MTM], Section 5.4)
* Methods to load a TPM_VERIFICATION_KEY
*/
typedef BYTE TPM_VERIFICATION_KEY_LOAD_METHODS;
#define TPM_VERIFICATION_KEY_ROOT_LOAD 0x01
#define TPM_VERIFICATION_KEY_INTEGRITY_CHECK_ROOT_DATA_LOAD 0x02
#define TPM_VERIFICATION_KEY_OWNER_AUTHORIZED_LOAD 0x04
#define TPM_VERIFICATION_KEY_CHAIN_AUTHORIZED_LOAD 0x08
/*
* MTM_KEY_DATA
* This structure contains the data for stored MTM verification keys.
*/
typedef struct MTM_KEY_DATA_STRUCT {
BOOL valid;
UINT16 usageFlags;
TPM_VERIFICATION_KEY_ID parentId;
TPM_VERIFICATION_KEY_ID myId;
TPM_ALGORITHM_ID keyAlgorithm;
TPM_SIG_SCHEME keyScheme;
tpm_rsa_public_key_t key;
} MTM_KEY_DATA;
#define sizeof_MTM_KEY_DATA(s) ( \
1 + 2 + 4 + 4 + 4 + 2 + sizeof_RSAPub(s.key))
#define free_MTM_KEY_DATA(s) { tpm_rsa_release_public_key(&s.key); }
/*
* MTM_PERMANENT_DATA ([MTM], Section 5.4)
* The MTM_PERMANENT_DATA structure contains the permanent data associated
* with a MTM that are used by the MTM commands. Note that there is an
* alternative where there is only AIK but no EK defined.
*/
#define MTM_TAG_PERMANENT_DATA 0x0303
#define MTM_MAX_KEYS 10
typedef struct MTM_PERMANENT_DATA_STRUCT {
TPM_STRUCTURE_TAG tag;
BYTE specMajor;
BYTE specMinor;
/* TPM_KEY aik; - not needed as the EK is always present */
TPM_PCR_SELECTION verifiedPCRs;
TPM_COUNT_ID counterRimProtectId;
TPM_COUNT_ID counterStorageProtectId;
TPM_VERIFICATION_KEY_LOAD_METHODS loadVerificationKeyMethods;
BOOL integrityCheckRootValid;
BYTE integrityCheckRootData[SHA1_DIGEST_LENGTH];
TPM_SECRET internalVerificationKey;
/* TPM_SECRET verificationAuth; - is a mirror of the ownerAuth */
MTM_KEY_DATA keys[MTM_MAX_KEYS];
} MTM_PERMANENT_DATA;
static inline int sizeof_MTM_PERMANENT_DATA(MTM_PERMANENT_DATA *s)
{
int i, size = 2 + 1 + 1 + 4 + 4 + 1 + 1 + 20;
size += sizeof_TPM_PCR_SELECTION(s->verifiedPCRs);
size += sizeof(s->integrityCheckRootData);
for (i = 0; i < MTM_MAX_KEYS; i++) {
if (s->keys[i].valid) {
size += sizeof_MTM_KEY_DATA(s->keys[i]);
} else {
size += 1;
}
}
return size;
}
static inline void free_MTM_PERMANENT_DATA(MTM_PERMANENT_DATA *s)
{
int i;
for (i = 0; i < MTM_MAX_KEYS; i++) {
if (s->keys[i].valid) free_MTM_KEY_DATA(s->keys[i]);
}
}
/*
* The MTM_STANY_FLAGS structure houses additional flags that are
* initialized by TPM_Init when the MTM boots.
*/
#define MTM_TAG_STANY_FLAGS 0x0304
typedef struct MTM_STANY_FLAGS_STRUCT {
TPM_TAG tag;
BOOL loadVerificationRootKeyEnabled;
} MTM_STANY_FLAGS;
#define sizeof_MTM_STANY_FLAGS(s) (2 + 1)
/*
* MTM_DATA
* Internal data of the MTM
*/
typedef struct tdMTM_DATA {
struct {
MTM_PERMANENT_DATA data;
} permanent;
struct {
} stclear;
struct {
MTM_STANY_FLAGS flags;
} stany;
} MTM_DATA;
#define sizeof_MTM_DATA(s) (sizeof_MTM_PERMANENT_DATA(&s.permanent.data) \
+ sizeof_MTM_STANY_FLAGS(s.stany.flags))
#define free_MTM_DATA(s) { free_MTM_PERMANENT_DATA(&s.permanent.data); }
#endif /* _MTM_STRUCTURES_H */