1 /*
2 * Copyright (c) 2010-2012 United States Government, as represented by
3 * the Secretary of Defense. All rights reserved.
4 *
5 * based off of the original tools/vtpm_manager code base which is:
6 * Copyright (c) 2005 Intel Corp.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * * Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * * Redistributions in binary form must reproduce the above
16 * copyright notice, this list of conditions and the following
17 * disclaimer in the documentation and/or other materials provided
18 * with the distribution.
19 * * Neither the name of Intel Corporation nor the names of its
20 * contributors may be used to endorse or promote products derived
21 * from this software without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
26 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
27 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
28 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
29 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
30 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
32 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
34 * OF THE POSSIBILITY OF SUCH DAMAGE.
35 */
36
37 #ifndef __TCG_H__
38 #define __TCG_H__
39
40 #include <stdlib.h>
41 #include <stdint.h>
42 #include "common_types.h"
43
44 // **************************** CONSTANTS *********************************
45
46 // BOOL values
47 #define TRUE 0x01
48 #define FALSE 0x00
49
50 #define TCPA_MAX_BUFFER_LENGTH 0x2000
51
52 //
53 // TPM_COMMAND_CODE values
54 #define TPM_PROTECTED_ORDINAL 0x00000000UL
55 #define TPM_UNPROTECTED_ORDINAL 0x80000000UL
56 #define TPM_CONNECTION_ORDINAL 0x40000000UL
57 #define TPM_VENDOR_ORDINAL 0x20000000UL
58
59 #define TPM_ORD_OIAP (10UL + TPM_PROTECTED_ORDINAL)
60 #define TPM_ORD_OSAP (11UL + TPM_PROTECTED_ORDINAL)
61 #define TPM_ORD_ChangeAuth (12UL + TPM_PROTECTED_ORDINAL)
62 #define TPM_ORD_TakeOwnership (13UL + TPM_PROTECTED_ORDINAL)
63 #define TPM_ORD_ChangeAuthAsymStart (14UL + TPM_PROTECTED_ORDINAL)
64 #define TPM_ORD_ChangeAuthAsymFinish (15UL + TPM_PROTECTED_ORDINAL)
65 #define TPM_ORD_ChangeAuthOwner (16UL + TPM_PROTECTED_ORDINAL)
66 #define TPM_ORD_Extend (20UL + TPM_PROTECTED_ORDINAL)
67 #define TPM_ORD_PcrRead (21UL + TPM_PROTECTED_ORDINAL)
68 #define TPM_ORD_Quote (22UL + TPM_PROTECTED_ORDINAL)
69 #define TPM_ORD_Seal (23UL + TPM_PROTECTED_ORDINAL)
70 #define TPM_ORD_Unseal (24UL + TPM_PROTECTED_ORDINAL)
71 #define TPM_ORD_DirWriteAuth (25UL + TPM_PROTECTED_ORDINAL)
72 #define TPM_ORD_DirRead (26UL + TPM_PROTECTED_ORDINAL)
73 #define TPM_ORD_UnBind (30UL + TPM_PROTECTED_ORDINAL)
74 #define TPM_ORD_CreateWrapKey (31UL + TPM_PROTECTED_ORDINAL)
75 #define TPM_ORD_LoadKey (32UL + TPM_PROTECTED_ORDINAL)
76 #define TPM_ORD_GetPubKey (33UL + TPM_PROTECTED_ORDINAL)
77 #define TPM_ORD_EvictKey (34UL + TPM_PROTECTED_ORDINAL)
78 #define TPM_ORD_CreateMigrationBlob (40UL + TPM_PROTECTED_ORDINAL)
79 #define TPM_ORD_ReWrapKey (41UL + TPM_PROTECTED_ORDINAL)
80 #define TPM_ORD_ConvertMigrationBlob (42UL + TPM_PROTECTED_ORDINAL)
81 #define TPM_ORD_AuthorizeMigrationKey (43UL + TPM_PROTECTED_ORDINAL)
82 #define TPM_ORD_CreateMaintenanceArchive (44UL + TPM_PROTECTED_ORDINAL)
83 #define TPM_ORD_LoadMaintenanceArchive (45UL + TPM_PROTECTED_ORDINAL)
84 #define TPM_ORD_KillMaintenanceFeature (46UL + TPM_PROTECTED_ORDINAL)
85 #define TPM_ORD_LoadManuMaintPub (47UL + TPM_PROTECTED_ORDINAL)
86 #define TPM_ORD_ReadManuMaintPub (48UL + TPM_PROTECTED_ORDINAL)
87 #define TPM_ORD_CertifyKey (50UL + TPM_PROTECTED_ORDINAL)
88 #define TPM_ORD_Sign (60UL + TPM_PROTECTED_ORDINAL)
89 #define TPM_ORD_GetRandom (70UL + TPM_PROTECTED_ORDINAL)
90 #define TPM_ORD_StirRandom (71UL + TPM_PROTECTED_ORDINAL)
91 #define TPM_ORD_SelfTestFull (80UL + TPM_PROTECTED_ORDINAL)
92 #define TPM_ORD_SelfTestStartup (81UL + TPM_PROTECTED_ORDINAL)
93 #define TPM_ORD_CertifySelfTest (82UL + TPM_PROTECTED_ORDINAL)
94 #define TPM_ORD_ContinueSelfTest (83UL + TPM_PROTECTED_ORDINAL)
95 #define TPM_ORD_GetTestResult (84UL + TPM_PROTECTED_ORDINAL)
96 #define TPM_ORD_Reset (90UL + TPM_PROTECTED_ORDINAL)
97 #define TPM_ORD_OwnerClear (91UL + TPM_PROTECTED_ORDINAL)
98 #define TPM_ORD_DisableOwnerClear (92UL + TPM_PROTECTED_ORDINAL)
99 #define TPM_ORD_ForceClear (93UL + TPM_PROTECTED_ORDINAL)
100 #define TPM_ORD_DisableForceClear (94UL + TPM_PROTECTED_ORDINAL)
101 #define TPM_ORD_GetCapabilitySigned (100UL + TPM_PROTECTED_ORDINAL)
102 #define TPM_ORD_GetCapability (101UL + TPM_PROTECTED_ORDINAL)
103 #define TPM_ORD_GetCapabilityOwner (102UL + TPM_PROTECTED_ORDINAL)
104 #define TPM_ORD_OwnerSetDisable (110UL + TPM_PROTECTED_ORDINAL)
105 #define TPM_ORD_PhysicalEnable (111UL + TPM_PROTECTED_ORDINAL)
106 #define TPM_ORD_PhysicalDisable (112UL + TPM_PROTECTED_ORDINAL)
107 #define TPM_ORD_SetOwnerInstall (113UL + TPM_PROTECTED_ORDINAL)
108 #define TPM_ORD_PhysicalSetDeactivated (114UL + TPM_PROTECTED_ORDINAL)
109 #define TPM_ORD_SetTempDeactivated (115UL + TPM_PROTECTED_ORDINAL)
110 #define TPM_ORD_CreateEndorsementKeyPair (120UL + TPM_PROTECTED_ORDINAL)
111 #define TPM_ORD_MakeIdentity (121UL + TPM_PROTECTED_ORDINAL)
112 #define TPM_ORD_ActivateIdentity (122UL + TPM_PROTECTED_ORDINAL)
113 #define TPM_ORD_ReadPubek (124UL + TPM_PROTECTED_ORDINAL)
114 #define TPM_ORD_OwnerReadPubek (125UL + TPM_PROTECTED_ORDINAL)
115 #define TPM_ORD_DisablePubekRead (126UL + TPM_PROTECTED_ORDINAL)
116 #define TPM_ORD_GetAuditEvent (130UL + TPM_PROTECTED_ORDINAL)
117 #define TPM_ORD_GetAuditEventSigned (131UL + TPM_PROTECTED_ORDINAL)
118 #define TPM_ORD_GetOrdinalAuditStatus (140UL + TPM_PROTECTED_ORDINAL)
119 #define TPM_ORD_SetOrdinalAuditStatus (141UL + TPM_PROTECTED_ORDINAL)
120 #define TPM_ORD_Terminate_Handle (150UL + TPM_PROTECTED_ORDINAL)
121 #define TPM_ORD_Init (151UL + TPM_PROTECTED_ORDINAL)
122 #define TPM_ORD_SaveState (152UL + TPM_PROTECTED_ORDINAL)
123 #define TPM_ORD_Startup (153UL + TPM_PROTECTED_ORDINAL)
124 #define TPM_ORD_SetRedirection (154UL + TPM_PROTECTED_ORDINAL)
125 #define TPM_ORD_SHA1Start (160UL + TPM_PROTECTED_ORDINAL)
126 #define TPM_ORD_SHA1Update (161UL + TPM_PROTECTED_ORDINAL)
127 #define TPM_ORD_SHA1Complete (162UL + TPM_PROTECTED_ORDINAL)
128 #define TPM_ORD_SHA1CompleteExtend (163UL + TPM_PROTECTED_ORDINAL)
129 #define TPM_ORD_FieldUpgrade (170UL + TPM_PROTECTED_ORDINAL)
130 #define TPM_ORD_SaveKeyContext (180UL + TPM_PROTECTED_ORDINAL)
131 #define TPM_ORD_LoadKeyContext (181UL + TPM_PROTECTED_ORDINAL)
132 #define TPM_ORD_SaveAuthContext (182UL + TPM_PROTECTED_ORDINAL)
133 #define TPM_ORD_LoadAuthContext (183UL + TPM_PROTECTED_ORDINAL)
134 #define TPM_ORD_SaveContext (184UL + TPM_PROTECTED_ORDINAL)
135 #define TPM_ORD_LoadContext (185UL + TPM_PROTECTED_ORDINAL)
136 #define TPM_ORD_FlushSpecific (186UL + TPM_PROTECTED_ORDINAL)
137 #define TPM_ORD_PCR_Reset (200UL + TPM_PROTECTED_ORDINAL)
138 #define TPM_ORD_NV_DefineSpace (204UL + TPM_PROTECTED_ORDINAL)
139 #define TPM_ORD_NV_WriteValue (205UL + TPM_PROTECTED_ORDINAL)
140 #define TPM_ORD_NV_WriteValueAuth (206UL + TPM_PROTECTED_ORDINAL)
141 #define TPM_ORD_NV_ReadValue (207UL + TPM_PROTECTED_ORDINAL)
142 #define TPM_ORD_NV_ReadValueAuth (208UL + TPM_PROTECTED_ORDINAL)
143 #define TPM_ORD_Delegate_UpdateVerification (209UL + TPM_PROTECTED_ORDINAL)
144 #define TPM_ORD_Delegate_Manage (210UL + TPM_PROTECTED_ORDINAL)
145 #define TPM_ORD_Delegate_CreateKeyDelegation (212UL + TPM_PROTECTED_ORDINAL)
146 #define TPM_ORD_Delegate_CreateOwnerDelegation (213UL + TPM_PROTECTED_ORDINAL)
147 #define TPM_ORD_Delegate_VerifyDelegation (214UL + TPM_PROTECTED_ORDINAL)
148 #define TPM_ORD_Delegate_LoadOwnerDelegation (216UL + TPM_PROTECTED_ORDINAL)
149 #define TPM_ORD_Delegate_ReadAuth (217UL + TPM_PROTECTED_ORDINAL)
150 #define TPM_ORD_Delegate_ReadTable (219UL + TPM_PROTECTED_ORDINAL)
151 #define TPM_ORD_CreateCounter (220UL + TPM_PROTECTED_ORDINAL)
152 #define TPM_ORD_IncrementCounter (221UL + TPM_PROTECTED_ORDINAL)
153 #define TPM_ORD_ReadCounter (222UL + TPM_PROTECTED_ORDINAL)
154 #define TPM_ORD_ReleaseCounter (223UL + TPM_PROTECTED_ORDINAL)
155 #define TPM_ORD_ReleaseCounterOwner (224UL + TPM_PROTECTED_ORDINAL)
156 #define TPM_ORD_EstablishTransport (230UL + TPM_PROTECTED_ORDINAL)
157 #define TPM_ORD_ExecuteTransport (231UL + TPM_PROTECTED_ORDINAL)
158 #define TPM_ORD_ReleaseTransportSigned (232UL + TPM_PROTECTED_ORDINAL)
159 #define TPM_ORD_GetTicks (241UL + TPM_PROTECTED_ORDINAL)
160 #define TPM_ORD_TickStampBlob (242UL + TPM_PROTECTED_ORDINAL)
161 #define TPM_ORD_MAX (256UL + TPM_PROTECTED_ORDINAL)
162
163 #define TSC_ORD_PhysicalPresence (10UL + TPM_CONNECTION_ORDINAL)
164
165
166
167 //
168 // TPM_RESULT values
169 //
170 // just put in the whole table from spec 1.2
171
172 #define TPM_BASE 0x0 // The start of TPM return codes
173 #define TPM_VENDOR_ERROR 0x00000400 // Mask to indicate that the error code is vendor specific for vendor specific commands
174 #define TPM_NON_FATAL 0x00000800 // Mask to indicate that the error code is a non-fatal failure.
175
176 #define TPM_SUCCESS TPM_BASE // Successful completion of the operation
177 #define TPM_AUTHFAIL TPM_BASE + 1 // Authentication failed
178 #define TPM_BADINDEX TPM_BASE + 2 // The index to a PCR, DIR or other register is incorrect
179 #define TPM_BAD_PARAMETER TPM_BASE + 3 // One or more parameter is bad
180 #define TPM_AUDITFAILURE TPM_BASE + 4 // An operation completed successfully but the auditing of that operation failed.
181 #define TPM_CLEAR_DISABLED TPM_BASE + 5 // The clear disable flag is set and all clear operations now require physical access
182 #define TPM_DEACTIVATED TPM_BASE + 6 // The TPM is deactivated
183 #define TPM_DISABLED TPM_BASE + 7 // The TPM is disabled
184 #define TPM_DISABLED_CMD TPM_BASE + 8 // The target command has been disabled
185 #define TPM_FAIL TPM_BASE + 9 // The operation failed
186 #define TPM_BAD_ORDINAL TPM_BASE + 10 // The ordinal was unknown or inconsistent
187 #define TPM_INSTALL_DISABLED TPM_BASE + 11 // The ability to install an owner is disabled
188 #define TPM_INVALID_KEYHANDLE TPM_BASE + 12 // The key handle presented was invalid
189 #define TPM_KEYNOTFOUND TPM_BASE + 13 // The target key was not found
190 #define TPM_INAPPROPRIATE_ENC TPM_BASE + 14 // Unacceptable encryption scheme
191 #define TPM_MIGRATEFAIL TPM_BASE + 15 // Migration authorization failed
192 #define TPM_INVALID_PCR_INFO TPM_BASE + 16 // PCR information could not be interpreted
193 #define TPM_NOSPACE TPM_BASE + 17 // No room to load key.
194 #define TPM_NOSRK TPM_BASE + 18 // There is no SRK set
195 #define TPM_NOTSEALED_BLOB TPM_BASE + 19 // An encrypted blob is invalid or was not created by this TPM
196 #define TPM_OWNER_SET TPM_BASE + 20 // There is already an Owner
197 #define TPM_RESOURCES TPM_BASE + 21 // The TPM has insufficient internal resources to perform the requested action.
198 #define TPM_SHORTRANDOM TPM_BASE + 22 // A random string was too short
199 #define TPM_SIZE TPM_BASE + 23 // The TPM does not have the space to perform the operation.
200 #define TPM_WRONGPCRVAL TPM_BASE + 24 // The named PCR value does not match the current PCR value.
201 #define TPM_BAD_PARAM_SIZE TPM_BASE + 25 // The paramSize argument to the command has the incorrect value
202 #define TPM_SHA_THREAD TPM_BASE + 26 // There is no existing SHA-1 thread.
203 #define TPM_SHA_ERROR TPM_BASE + 27 // The calculation is unable to proceed because the existing SHA-1 thread has already encountered an error.
204 #define TPM_FAILEDSELFTEST TPM_BASE + 28 // Self-test has failed and the TPM has shutdown.
205 #define TPM_AUTH2FAIL TPM_BASE + 29 // The authorization for the second key in a 2 key function failed authorization
206 #define TPM_BADTAG TPM_BASE + 30 // The tag value sent to for a command is invalid
207 #define TPM_IOERROR TPM_BASE + 31 // An IO error occurred transmitting information to the TPM
208 #define TPM_ENCRYPT_ERROR TPM_BASE + 32 // The encryption process had a problem.
209 #define TPM_DECRYPT_ERROR TPM_BASE + 33 // The decryption process did not complete.
210 #define TPM_INVALID_AUTHHANDLE TPM_BASE + 34 // An invalid handle was used.
211 #define TPM_NO_ENDORSEMENT TPM_BASE + 35 // The TPM does not a EK installed
212 #define TPM_INVALID_KEYUSAGE TPM_BASE + 36 // The usage of a key is not allowed
213 #define TPM_WRONG_ENTITYTYPE TPM_BASE + 37 // The submitted entity type is not allowed
214 #define TPM_INVALID_POSTINIT TPM_BASE + 38 // The command was received in the wrong sequence relative to TPM_Init and a subsequent TPM_Startup
215 #define TPM_INAPPROPRIATE_SIG TPM_BASE + 39 // Signed data cannot include additional DER information
216 #define TPM_BAD_KEY_PROPERTY TPM_BASE + 40 // The key properties in TPM_KEY_PARMs are not supported by this TPM
217
218 #define TPM_BAD_MIGRATION TPM_BASE + 41 // The migration properties of this key are incorrect.
219 #define TPM_BAD_SCHEME TPM_BASE + 42 // The signature or encryption scheme for this key is incorrect or not permitted in this situation.
220 #define TPM_BAD_DATASIZE TPM_BASE + 43 // The size of the data (or blob) parameter is bad or inconsistent with the referenced key
221 #define TPM_BAD_MODE TPM_BASE + 44 // A mode parameter is bad, such as capArea or subCapArea for TPM_GetCapability, phsicalPresence parameter for TPM_PhysicalPresence, or migrationType for TPM_CreateMigrationBlob.
222 #define TPM_BAD_PRESENCE TPM_BASE + 45 // Either the physicalPresence or physicalPresenceLock bits have the wrong value
223 #define TPM_BAD_VERSION TPM_BASE + 46 // The TPM cannot perform this version of the capability
224 #define TPM_NO_WRAP_TRANSPORT TPM_BASE + 47 // The TPM does not allow for wrapped transport sessions
225 #define TPM_AUDITFAIL_UNSUCCESSFUL TPM_BASE + 48 // TPM audit construction failed and the underlying command was returning a failure code also
226 #define TPM_AUDITFAIL_SUCCESSFUL TPM_BASE + 49 // TPM audit construction failed and the underlying command was returning success
227 #define TPM_NOTRESETABLE TPM_BASE + 50 // Attempt to reset a PCR register that does not have the resettable attribute
228 #define TPM_NOTLOCAL TPM_BASE + 51 // Attempt to reset a PCR register that requires locality and locality modifier not part of command transport
229 #define TPM_BAD_TYPE TPM_BASE + 52 // Make identity blob not properly typed
230 #define TPM_INVALID_RESOURCE TPM_BASE + 53 // When saving context identified resource type does not match actual resource
231 #define TPM_NOTFIPS TPM_BASE + 54 // The TPM is attempting to execute a command only available when in FIPS mode
232 #define TPM_INVALID_FAMILY TPM_BASE + 55 // The command is attempting to use an invalid family ID
233 #define TPM_NO_NV_PERMISSION TPM_BASE + 56 // The permission to manipulate the NV storage is not available
234 #define TPM_REQUIRES_SIGN TPM_BASE + 57 // The operation requires a signed command
235 #define TPM_KEY_NOTSUPPORTED TPM_BASE + 58 // Wrong operation to load an NV key
236 #define TPM_AUTH_CONFLICT TPM_BASE + 59 // NV_LoadKey blob requires both owner and blob authorization
237 #define TPM_AREA_LOCKED TPM_BASE + 60 // The NV area is locked and not writtable
238 #define TPM_BAD_LOCALITY TPM_BASE + 61 // The locality is incorrect for the attempted operation
239 #define TPM_READ_ONLY TPM_BASE + 62 // The NV area is read only and can't be written to
240 #define TPM_PER_NOWRITE TPM_BASE + 63 // There is no protection on the write to the NV area
241 #define TPM_FAMILYCOUNT TPM_BASE + 64 // The family count value does not match
242 #define TPM_WRITE_LOCKED TPM_BASE + 65 // The NV area has already been written to
243 #define TPM_BAD_ATTRIBUTES TPM_BASE + 66 // The NV area attributes conflict
244 #define TPM_INVALID_STRUCTURE TPM_BASE + 67 // The structure tag and version are invalid or inconsistent
245 #define TPM_KEY_OWNER_CONTROL TPM_BASE + 68 // The key is under control of the TPM Owner and can only be evicted by the TPM Owner.
246 #define TPM_BAD_COUNTER TPM_BASE + 69 // The counter handle is incorrect
247 #define TPM_NOT_FULLWRITE TPM_BASE + 70 // The write is not a complete write of the area
248 #define TPM_CONTEXT_GAP TPM_BASE + 71 // The gap between saved context counts is too large
249 #define TPM_MAXNVWRITES TPM_BASE + 72 // The maximum number of NV writes without an owner has been exceeded
250 #define TPM_NOOPERATOR TPM_BASE + 73 // No operator authorization value is set
251 #define TPM_RESOURCEMISSING TPM_BASE + 74 // The resource pointed to by context is not loaded
252 #define TPM_DELEGATE_LOCK TPM_BASE + 75 // The delegate administration is locked
253 #define TPM_DELEGATE_FAMILY TPM_BASE + 76 // Attempt to manage a family other then the delegated family
254 #define TPM_DELEGATE_ADMIN TPM_BASE + 77 // Delegation table management not enabled
255 #define TPM_TRANSPORT_EXCLUSIVE TPM_BASE + 78 // There was a command executed outside of an exclusive transport session
256
257 // TPM_STARTUP_TYPE values
258 #define TPM_ST_CLEAR 0x0001
259 #define TPM_ST_STATE 0x0002
260 #define TPM_ST_DEACTIVATED 0x003
261
262 // TPM_TAG values
263 #define TPM_TAG_PCR_INFO_LONG 0x0006
264 #define TPM_TAG_STORED_DATA12 0x0016
265 #define TPM_TAG_RQU_COMMAND 0x00c1
266 #define TPM_TAG_RQU_AUTH1_COMMAND 0x00c2
267 #define TPM_TAG_RQU_AUTH2_COMMAND 0x00c3
268 #define TPM_TAG_RSP_COMMAND 0x00c4
269 #define TPM_TAG_RSP_AUTH1_COMMAND 0x00c5
270 #define TPM_TAG_RSP_AUTH2_COMMAND 0x00c6
271
272 // TPM_PAYLOAD_TYPE values
273 #define TPM_PT_ASYM 0x01
274 #define TPM_PT_BIND 0x02
275 #define TPM_PT_MIGRATE 0x03
276 #define TPM_PT_MAINT 0x04
277 #define TPM_PT_SEAL 0x05
278
279 // TPM_ENTITY_TYPE values
280 #define TPM_ET_KEYHANDLE 0x0001
281 #define TPM_ET_OWNER 0x0002
282 #define TPM_ET_DATA 0x0003
283 #define TPM_ET_SRK 0x0004
284 #define TPM_ET_KEY 0x0005
285
286 /// TPM_ResourceTypes
287 #define TPM_RT_KEY 0x00000001
288 #define TPM_RT_AUTH 0x00000002
289 #define TPM_RT_HASH 0x00000003
290 #define TPM_RT_TRANS 0x00000004
291 #define TPM_RT_CONTEXT 0x00000005
292 #define TPM_RT_COUNTER 0x00000006
293 #define TPM_RT_DELEGATE 0x00000007
294 #define TPM_RT_DAA_TPM 0x00000008
295 #define TPM_RT_DAA_V0 0x00000009
296 #define TPM_RT_DAA_V1 0x0000000A
297
298
299
300 // TPM_PROTOCOL_ID values
301 #define TPM_PID_OIAP 0x0001
302 #define TPM_PID_OSAP 0x0002
303 #define TPM_PID_ADIP 0x0003
304 #define TPM_PID_ADCP 0x0004
305 #define TPM_PID_OWNER 0x0005
306
307 // TPM_ALGORITHM_ID values
308 #define TPM_ALG_RSA 0x00000001
309 #define TPM_ALG_SHA 0x00000004
310 #define TPM_ALG_HMAC 0x00000005
311 #define TPM_ALG_AES128 0x00000006
312 #define TPM_ALG_MFG1 0x00000007
313 #define TPM_ALG_AES192 0x00000008
314 #define TPM_ALG_AES256 0x00000009
315 #define TPM_ALG_XOR 0x0000000A
316
317 // TPM_ENC_SCHEME values
318 #define TPM_ES_NONE 0x0001
319 #define TPM_ES_RSAESPKCSv15 0x0002
320 #define TPM_ES_RSAESOAEP_SHA1_MGF1 0x0003
321
322 // TPM_SIG_SCHEME values
323 #define TPM_SS_NONE 0x0001
324 #define TPM_SS_RSASSAPKCS1v15_SHA1 0x0002
325 #define TPM_SS_RSASSAPKCS1v15_DER 0x0003
326
327 /*
328 * TPM_CAPABILITY_AREA Values for TPM_GetCapability ([TPM_Part2], Section 21.1)
329 */
330 #define TPM_CAP_ORD 0x00000001
331 #define TPM_CAP_ALG 0x00000002
332 #define TPM_CAP_PID 0x00000003
333 #define TPM_CAP_FLAG 0x00000004
334 #define TPM_CAP_PROPERTY 0x00000005
335 #define TPM_CAP_VERSION 0x00000006
336 #define TPM_CAP_KEY_HANDLE 0x00000007
337 #define TPM_CAP_CHECK_LOADED 0x00000008
338 #define TPM_CAP_SYM_MODE 0x00000009
339 #define TPM_CAP_KEY_STATUS 0x0000000C
340 #define TPM_CAP_NV_LIST 0x0000000D
341 #define TPM_CAP_MFR 0x00000010
342 #define TPM_CAP_NV_INDEX 0x00000011
343 #define TPM_CAP_TRANS_ALG 0x00000012
344 #define TPM_CAP_HANDLE 0x00000014
345 #define TPM_CAP_TRANS_ES 0x00000015
346 #define TPM_CAP_AUTH_ENCRYPT 0x00000017
347 #define TPM_CAP_SELECT_SIZE 0x00000018
348 #define TPM_CAP_DA_LOGIC 0x00000019
349 #define TPM_CAP_VERSION_VAL 0x0000001A
350
351 /* subCap definitions ([TPM_Part2], Section 21.2) */
352 #define TPM_CAP_PROP_PCR 0x00000101
353 #define TPM_CAP_PROP_DIR 0x00000102
354 #define TPM_CAP_PROP_MANUFACTURER 0x00000103
355 #define TPM_CAP_PROP_KEYS 0x00000104
356 #define TPM_CAP_PROP_MIN_COUNTER 0x00000107
357 #define TPM_CAP_FLAG_PERMANENT 0x00000108
358 #define TPM_CAP_FLAG_VOLATILE 0x00000109
359 #define TPM_CAP_PROP_AUTHSESS 0x0000010A
360 #define TPM_CAP_PROP_TRANSESS 0x0000010B
361 #define TPM_CAP_PROP_COUNTERS 0x0000010C
362 #define TPM_CAP_PROP_MAX_AUTHSESS 0x0000010D
363 #define TPM_CAP_PROP_MAX_TRANSESS 0x0000010E
364 #define TPM_CAP_PROP_MAX_COUNTERS 0x0000010F
365 #define TPM_CAP_PROP_MAX_KEYS 0x00000110
366 #define TPM_CAP_PROP_OWNER 0x00000111
367 #define TPM_CAP_PROP_CONTEXT 0x00000112
368 #define TPM_CAP_PROP_MAX_CONTEXT 0x00000113
369 #define TPM_CAP_PROP_FAMILYROWS 0x00000114
370 #define TPM_CAP_PROP_TIS_TIMEOUT 0x00000115
371 #define TPM_CAP_PROP_STARTUP_EFFECT 0x00000116
372 #define TPM_CAP_PROP_DELEGATE_ROW 0x00000117
373 #define TPM_CAP_PROP_MAX_DAASESS 0x00000119
374 #define TPM_CAP_PROP_DAASESS 0x0000011A
375 #define TPM_CAP_PROP_CONTEXT_DIST 0x0000011B
376 #define TPM_CAP_PROP_DAA_INTERRUPT 0x0000011C
377 #define TPM_CAP_PROP_SESSIONS 0x0000011D
378 #define TPM_CAP_PROP_MAX_SESSIONS 0x0000011E
379 #define TPM_CAP_PROP_CMK_RESTRICTION 0x0000011F
380 #define TPM_CAP_PROP_DURATION 0x00000120
381 #define TPM_CAP_PROP_ACTIVE_COUNTER 0x00000122
382 #define TPM_CAP_PROP_MAX_NV_AVAILABLE 0x00000123
383 #define TPM_CAP_PROP_INPUT_BUFFER 0x00000124
384
385 // TPM_KEY_USAGE values
386 #define TPM_KEY_EK 0x0000
387 #define TPM_KEY_SIGNING 0x0010
388 #define TPM_KEY_STORAGE 0x0011
389 #define TPM_KEY_IDENTITY 0x0012
390 #define TPM_KEY_AUTHCHANGE 0X0013
391 #define TPM_KEY_BIND 0x0014
392 #define TPM_KEY_LEGACY 0x0015
393
394 // TPM_AUTH_DATA_USAGE values
395 #define TPM_AUTH_NEVER 0x00
396 #define TPM_AUTH_ALWAYS 0x01
397
398 // Key Handle of owner and srk
399 #define TPM_OWNER_KEYHANDLE 0x40000001
400 #define TPM_SRK_KEYHANDLE 0x40000000
401
402
403
404 // *************************** TYPEDEFS *********************************
405 typedef UINT32 TPM_RESULT;
406 typedef UINT32 TPM_PCRINDEX;
407 typedef UINT32 TPM_DIRINDEX;
408 typedef UINT32 TPM_HANDLE;
409 typedef TPM_HANDLE TPM_AUTHHANDLE;
410 typedef TPM_HANDLE TCPA_HASHHANDLE;
411 typedef TPM_HANDLE TCPA_HMACHANDLE;
412 typedef TPM_HANDLE TCPA_ENCHANDLE;
413 typedef TPM_HANDLE TPM_KEY_HANDLE;
414 typedef TPM_HANDLE TCPA_ENTITYHANDLE;
415 typedef UINT32 TPM_RESOURCE_TYPE;
416 typedef UINT32 TPM_COMMAND_CODE;
417 typedef UINT16 TPM_PROTOCOL_ID;
418 typedef BYTE TPM_AUTH_DATA_USAGE;
419 typedef UINT16 TPM_ENTITY_TYPE;
420 typedef UINT32 TPM_ALGORITHM_ID;
421 typedef UINT16 TPM_KEY_USAGE;
422 typedef UINT16 TPM_STARTUP_TYPE;
423 typedef UINT32 TPM_CAPABILITY_AREA;
424 typedef UINT16 TPM_ENC_SCHEME;
425 typedef UINT16 TPM_SIG_SCHEME;
426 typedef UINT16 TPM_MIGRATE_SCHEME;
427 typedef UINT16 TPM_PHYSICAL_PRESENCE;
428 typedef UINT32 TPM_KEY_FLAGS;
429
430 #define TPM_DIGEST_SIZE 20 // Don't change this
431 typedef BYTE TPM_AUTHDATA[TPM_DIGEST_SIZE];
432 typedef TPM_AUTHDATA TPM_SECRET;
433 typedef TPM_AUTHDATA TPM_ENCAUTH;
434 typedef BYTE TPM_PAYLOAD_TYPE;
435 typedef UINT16 TPM_TAG;
436 typedef UINT16 TPM_STRUCTURE_TAG;
437
438 // Data Types of the TCS
439 typedef UINT32 TCS_AUTHHANDLE; // Handle addressing a authorization session
440 typedef UINT32 TCS_CONTEXT_HANDLE; // Basic context handle
441 typedef UINT32 TCS_KEY_HANDLE; // Basic key handle
442
443 // ************************* STRUCTURES **********************************
444
445 typedef struct TPM_VERSION {
446 BYTE major;
447 BYTE minor;
448 BYTE revMajor;
449 BYTE revMinor;
450 } TPM_VERSION;
451
452 static const TPM_VERSION TPM_STRUCT_VER_1_1 = { 1,1,0,0 };
453
454 typedef struct TPM_CAP_VERSION_INFO {
455 TPM_STRUCTURE_TAG tag;
456 TPM_VERSION version;
457 UINT16 specLevel;
458 BYTE errataRev;
459 BYTE tpmVendorID[4];
460 UINT16 vendorSpecificSize;
461 BYTE* vendorSpecific;
462 } TPM_CAP_VERSION_INFO;
463
464 static
free_TPM_CAP_VERSION_INFO(TPM_CAP_VERSION_INFO * v)465 inline void free_TPM_CAP_VERSION_INFO(TPM_CAP_VERSION_INFO* v) {
466 free(v->vendorSpecific);
467 v->vendorSpecific = NULL;
468 }
469
470 typedef struct TPM_DIGEST {
471 BYTE digest[TPM_DIGEST_SIZE];
472 } TPM_DIGEST;
473
474 typedef TPM_DIGEST TPM_PCRVALUE;
475 typedef TPM_DIGEST TPM_COMPOSITE_HASH;
476 typedef TPM_DIGEST TPM_DIRVALUE;
477 typedef TPM_DIGEST TPM_HMAC;
478 typedef TPM_DIGEST TPM_CHOSENID_HASH;
479
480 typedef struct TPM_NONCE {
481 BYTE nonce[TPM_DIGEST_SIZE];
482 } TPM_NONCE;
483
484 typedef struct TPM_SYMMETRIC_KEY_PARMS {
485 UINT32 keyLength;
486 UINT32 blockSize;
487 UINT32 ivSize;
488 BYTE* IV;
489 } TPM_SYMMETRIC_KEY_PARMS;
490
491 typedef struct TPM_SYMMETRIC_KEY {
492 UINT32 algId;
493 UINT16 encScheme;
494 UINT16 size;
495 BYTE* data;
496 } TPM_SYMMETRIC_KEY;
497
498 static
free_TPM_SYMMETRIC_KEY_PARMS(TPM_SYMMETRIC_KEY_PARMS * p)499 inline void free_TPM_SYMMETRIC_KEY_PARMS(TPM_SYMMETRIC_KEY_PARMS* p) {
500 free(p->IV);
501 p->IV = NULL;
502 }
503
504 #define TPM_SYMMETRIC_KEY_PARMS_INIT { 0, 0, 0, NULL }
505
506 typedef struct TPM_RSA_KEY_PARMS {
507 UINT32 keyLength;
508 UINT32 numPrimes;
509 UINT32 exponentSize;
510 BYTE* exponent;
511 } TPM_RSA_KEY_PARMS;
512
513 #define TPM_RSA_KEY_PARMS_INIT { 0, 0, 0, NULL }
514
515 static
free_TPM_RSA_KEY_PARMS(TPM_RSA_KEY_PARMS * p)516 inline void free_TPM_RSA_KEY_PARMS(TPM_RSA_KEY_PARMS* p) {
517 free(p->exponent);
518 p->exponent = NULL;
519 }
520
521 typedef struct TPM_KEY_PARMS {
522 TPM_ALGORITHM_ID algorithmID;
523 TPM_ENC_SCHEME encScheme;
524 TPM_SIG_SCHEME sigScheme;
525 UINT32 parmSize;
526 union {
527 TPM_SYMMETRIC_KEY_PARMS sym;
528 TPM_RSA_KEY_PARMS rsa;
529 } parms;
530 } TPM_KEY_PARMS;
531
532 #define TPM_KEY_PARMS_INIT { 0, 0, 0, 0 }
533
534 static
free_TPM_KEY_PARMS(TPM_KEY_PARMS * p)535 inline void free_TPM_KEY_PARMS(TPM_KEY_PARMS* p) {
536 if(p->parmSize) {
537 switch(p->algorithmID) {
538 case TPM_ALG_RSA:
539 free_TPM_RSA_KEY_PARMS(&p->parms.rsa);
540 break;
541 case TPM_ALG_AES128:
542 case TPM_ALG_AES192:
543 case TPM_ALG_AES256:
544 free_TPM_SYMMETRIC_KEY_PARMS(&p->parms.sym);
545 break;
546 }
547 }
548 }
549
550 typedef struct TPM_STORE_PUBKEY {
551 UINT32 keyLength;
552 BYTE* key;
553 } TPM_STORE_PUBKEY;
554
555 #define TPM_STORE_PUBKEY_INIT { 0, NULL }
556
557 static
free_TPM_STORE_PUBKEY(TPM_STORE_PUBKEY * p)558 inline void free_TPM_STORE_PUBKEY(TPM_STORE_PUBKEY* p) {
559 free(p->key);
560 p->key = NULL;
561 }
562
563 typedef struct TPM_PUBKEY {
564 TPM_KEY_PARMS algorithmParms;
565 TPM_STORE_PUBKEY pubKey;
566 } TPM_PUBKEY;
567
568 #define TPM_PUBKEY_INIT { TPM_KEY_PARMS_INIT, TPM_STORE_PUBKEY_INIT }
569
570 static
free_TPM_PUBKEY(TPM_PUBKEY * k)571 inline void free_TPM_PUBKEY(TPM_PUBKEY* k) {
572 free_TPM_KEY_PARMS(&k->algorithmParms);
573 free_TPM_STORE_PUBKEY(&k->pubKey);
574 }
575
576 typedef struct TPM_PCR_SELECTION {
577 UINT16 sizeOfSelect;
578 BYTE* pcrSelect;
579 } TPM_PCR_SELECTION;
580
581 #define TPM_PCR_SELECTION_INIT { 0, NULL }
582
583 static
free_TPM_PCR_SELECTION(TPM_PCR_SELECTION * p)584 inline void free_TPM_PCR_SELECTION(TPM_PCR_SELECTION* p) {
585 free(p->pcrSelect);
586 p->pcrSelect = NULL;
587 }
588
589 #define TPM_LOCALITY_SELECTION BYTE
590
591 typedef struct TPM_PCR_INFO_LONG {
592 TPM_STRUCTURE_TAG tag;
593 TPM_LOCALITY_SELECTION localityAtCreation;
594 TPM_LOCALITY_SELECTION localityAtRelease;
595 TPM_PCR_SELECTION creationPCRSelection;
596 TPM_PCR_SELECTION releasePCRSelection;
597 TPM_COMPOSITE_HASH digestAtCreation;
598 TPM_COMPOSITE_HASH digestAtRelease;
599 } TPM_PCR_INFO_LONG;
600
601 #define TPM_PCR_INFO_LONG_INIT { 0, 0, 0, TPM_PCR_SELECTION_INIT, \
602 TPM_PCR_SELECTION_INIT }
603
604 static
free_TPM_PCR_INFO_LONG(TPM_PCR_INFO_LONG * p)605 inline void free_TPM_PCR_INFO_LONG(TPM_PCR_INFO_LONG* p) {
606 free_TPM_PCR_SELECTION(&p->creationPCRSelection);
607 free_TPM_PCR_SELECTION(&p->releasePCRSelection);
608 }
609
610 typedef struct TPM_PCR_INFO {
611 TPM_PCR_SELECTION pcrSelection;
612 TPM_COMPOSITE_HASH digestAtRelease;
613 TPM_COMPOSITE_HASH digestAtCreation;
614 } TPM_PCR_INFO;
615
616 #define TPM_PCR_INFO_INIT { TPM_PCR_SELECTION_INIT }
617
618 static
free_TPM_PCR_INFO(TPM_PCR_INFO * p)619 inline void free_TPM_PCR_INFO(TPM_PCR_INFO* p) {
620 free_TPM_PCR_SELECTION(&p->pcrSelection);
621 }
622
623 typedef struct TPM_PCR_COMPOSITE {
624 TPM_PCR_SELECTION select;
625 UINT32 valueSize;
626 TPM_PCRVALUE* pcrValue;
627 } TPM_PCR_COMPOSITE;
628
629 #define TPM_PCR_COMPOSITE_INIT { TPM_PCR_SELECTION_INIT, 0, NULL }
630
631 static
free_TPM_PCR_COMPOSITE(TPM_PCR_COMPOSITE * p)632 inline void free_TPM_PCR_COMPOSITE(TPM_PCR_COMPOSITE* p) {
633 free_TPM_PCR_SELECTION(&p->select);
634 free(p->pcrValue);
635 p->pcrValue = NULL;
636 }
637
638 typedef struct TPM_KEY {
639 TPM_VERSION ver;
640 TPM_KEY_USAGE keyUsage;
641 TPM_KEY_FLAGS keyFlags;
642 TPM_AUTH_DATA_USAGE authDataUsage;
643 TPM_KEY_PARMS algorithmParms;
644 UINT32 PCRInfoSize;
645 TPM_PCR_INFO PCRInfo;
646 TPM_STORE_PUBKEY pubKey;
647 UINT32 encDataSize;
648 BYTE* encData;
649 } TPM_KEY;
650
651 #define TPM_KEY_INIT { .algorithmParms = TPM_KEY_PARMS_INIT,\
652 .PCRInfoSize = 0, .PCRInfo = TPM_PCR_INFO_INIT, \
653 .pubKey = TPM_STORE_PUBKEY_INIT, \
654 .encDataSize = 0, .encData = NULL }
655
656 static
free_TPM_KEY(TPM_KEY * k)657 inline void free_TPM_KEY(TPM_KEY* k) {
658 if(k->PCRInfoSize) {
659 free_TPM_PCR_INFO(&k->PCRInfo);
660 }
661 free_TPM_STORE_PUBKEY(&k->pubKey);
662 free(k->encData);
663 k->encData = NULL;
664 }
665
666 typedef struct TPM_BOUND_DATA {
667 TPM_VERSION ver;
668 TPM_PAYLOAD_TYPE payload;
669 BYTE* payloadData;
670 } TPM_BOUND_DATA;
671
672 #define TPM_BOUND_DATA_INIT { .payloadData = NULL }
673
674 static
free_TPM_BOUND_DATA(TPM_BOUND_DATA * d)675 inline void free_TPM_BOUND_DATA(TPM_BOUND_DATA* d) {
676 free(d->payloadData);
677 d->payloadData = NULL;
678 }
679
680 typedef struct TPM_STORED_DATA {
681 TPM_VERSION ver;
682 UINT32 sealInfoSize;
683 TPM_PCR_INFO sealInfo;
684 UINT32 encDataSize;
685 BYTE* encData;
686 } TPM_STORED_DATA;
687
688 #define TPM_STORED_DATA_INIT { .sealInfoSize = 0, sealInfo = TPM_PCR_INFO_INIT,\
689 .encDataSize = 0, .encData = NULL }
690
691 static
free_TPM_STORED_DATA(TPM_STORED_DATA * d)692 inline void free_TPM_STORED_DATA(TPM_STORED_DATA* d) {
693 if(d->sealInfoSize) {
694 free_TPM_PCR_INFO(&d->sealInfo);
695 }
696 free(d->encData);
697 d->encData = NULL;
698 }
699
700 typedef struct TPM_STORED_DATA12 {
701 TPM_STRUCTURE_TAG tag;
702 TPM_ENTITY_TYPE et;
703 UINT32 sealInfoLongSize;
704 TPM_PCR_INFO_LONG sealInfoLong;
705 UINT32 encDataSize;
706 BYTE* encData;
707 } TPM_STORED_DATA12;
708
709 #define TPM_STORED_DATA12_INIT { .sealInfoLongSize = 0, \
710 sealInfoLong = TPM_PCR_INFO_INIT, .encDataSize = 0, .encData = NULL }
711
712 static
free_TPM_STORED_DATA12(TPM_STORED_DATA12 * d)713 inline void free_TPM_STORED_DATA12(TPM_STORED_DATA12* d) {
714 if(d->sealInfoLongSize) {
715 free_TPM_PCR_INFO_LONG(&d->sealInfoLong);
716 }
717 free(d->encData);
718 d->encData = NULL;
719 }
720
721 typedef struct TPM_AUTH_SESSION {
722 TPM_AUTHHANDLE AuthHandle;
723 TPM_NONCE NonceOdd; // system
724 TPM_NONCE NonceEven; // TPM
725 BOOL fContinueAuthSession;
726 TPM_AUTHDATA HMAC;
727 } TPM_AUTH_SESSION;
728
729 #define TPM_AUTH_SESSION_INIT { .AuthHandle = 0, .fContinueAuthSession = FALSE }
730
731 // ---------------------- Functions for checking TPM_RESULTs -----------------
732
733 #include <stdio.h>
734
735 // FIXME: Review use of these and delete unneeded ones.
736
737 // these are really badly dependent on local structure:
738 // DEPENDS: local var 'status' of type TPM_RESULT
739 // DEPENDS: label 'abort_egress' which cleans up and returns the status
740 #define ERRORDIE(s) do { status = s; \
741 fprintf (stderr, "*** ERRORDIE in %s at %s: %i\n", __func__, __FILE__, __LINE__); \
742 goto abort_egress; } \
743 while (0)
744
745 // DEPENDS: local var 'status' of type TPM_RESULT
746 // DEPENDS: label 'abort_egress' which cleans up and returns the status
747 // Try command c. If it fails, set status to s and goto abort.
748 #define TPMTRY(s,c) if (c != TPM_SUCCESS) { \
749 status = s; \
750 printf("ERROR in %s at %s:%i code: %s.\n", __func__, __FILE__, __LINE__, tpm_get_error_name(status)); \
751 goto abort_egress; \
752 } else {\
753 status = c; \
754 }
755
756 // Try command c. If it fails, print error message, set status to actual return code. Goto abort
757 #define TPMTRYRETURN(c) do { status = c; \
758 if (status != TPM_SUCCESS) { \
759 fprintf(stderr, "ERROR in %s at %s:%i code: %s.\n", __func__, __FILE__, __LINE__, tpm_get_error_name(status)); \
760 goto abort_egress; \
761 } \
762 } while(0)
763
764
765 #endif //__TCPA_H__
766