OLD | NEW |
(Empty) | |
| 1 /* Software-based Mobile Trusted Module (MTM) Emulator |
| 2 * Copyright (C) 2004-2010 Mario Strasser <mast@gmx.net> |
| 3 * |
| 4 * This module is free software; you can redistribute it and/or modify |
| 5 * it under the terms of the GNU General Public License as published |
| 6 * by the Free Software Foundation; either version 2 of the License, |
| 7 * or (at your option) any later version. |
| 8 * |
| 9 * This module is distributed in the hope that it will be useful, |
| 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 12 * GNU General Public License for more details. |
| 13 * |
| 14 * $Id$ |
| 15 */ |
| 16 |
| 17 #ifndef _MTM_STRUCTURES_H_ |
| 18 #define _MTM_STRUCTURES_H_ |
| 19 |
| 20 #include "tpm/tpm_structures.h" |
| 21 #include "crypto/sha1.h" |
| 22 |
| 23 /* |
| 24 * Ordinals |
| 25 * The command ordinals provide the index value for each command. |
| 26 */ |
| 27 #define MTM_ORD_InstallRIM (66 + TPM_PROTECTED_COMMAND) |
| 28 #define MTM_ORD_LoadVerificationKey (67 + TPM_PROTECTED_COMMAND) |
| 29 #define MTM_ORD_LoadVerificationRootKeyDisable (68 + TPM_PROTECTED_COMMAND) |
| 30 #define MTM_ORD_VerifyRIMCert (69 + TPM_PROTECTED_COMMAND) |
| 31 #define MTM_ORD_VerifyRIMCertAndExtend (72 + TPM_PROTECTED_COMMAND) |
| 32 #define MTM_ORD_IncrementBootstrapCounter (73 + TPM_PROTECTED_COMMAND) |
| 33 #define MTM_ORD_SetVerifiedPCRSelection (74 + TPM_PROTECTED_COMMAND) |
| 34 |
| 35 /* |
| 36 * TPM_CAPABILITY_AREA Values for TPM_GetCapability |
| 37 */ |
| 38 #define TPM_CAP_MTM_PERMANENT_DATA 0x0000000A |
| 39 |
| 40 /* |
| 41 * MTM_COUNTER_REFERENCE ([MTM], Section 5.1) |
| 42 * MTM counter reference structure |
| 43 */ |
| 44 #define MTM_COUNTER_SELECT_NONE 0 |
| 45 #define MTM_COUNTER_SELECT_BOOTSTRAP 1 |
| 46 #define MTM_COUNTER_SELECT_RIMPROTECT 2 |
| 47 #define MTM_COUNTER_SELECT_STORAGEPROTECT 3 |
| 48 #define MTM_COUNTER_SELECT_MAX 3 |
| 49 typedef struct MTM_COUNTER_REFERENCE_STRUCT { |
| 50 BYTE counterSelection; |
| 51 TPM_ACTUAL_COUNT counterValue; |
| 52 } MTM_COUNTER_REFERENCE; |
| 53 #define sizeof_MTM_COUNTER_REFERENCE(s) (1 + 4) |
| 54 |
| 55 /* |
| 56 * TPM_VERIFICATION_KEY_ID ([MTM], Section 5.3) |
| 57 */ |
| 58 typedef UINT32 TPM_VERIFICATION_KEY_ID; |
| 59 #define TPM_VERIFICATION_KEY_ID_NONE 0xFFFFFFFF |
| 60 #define TPM_VERIFICATION_KEY_ID_INTERNAL 0xFFFFFFFE |
| 61 |
| 62 /* |
| 63 * TPM_VERIFICATION_KEY_USAGE ([MTM], Section 5.3) |
| 64 */ |
| 65 #define TPM_VERIFICATION_KEY_USAGE_MTM_MASK 0x00ff |
| 66 #define TPM_VERIFICATION_KEY_USAGE_AGENT_MASK 0x0f00 |
| 67 #define TPM_VERIFICATION_KEY_USAGE_VENDOR_MASK 0xf000 |
| 68 #define TPM_VERIFICATION_KEY_USAGE_SIGN_RIMCERT 0x0001 |
| 69 #define TPM_VERIFICATION_KEY_USAGE_SIGN_RIMAUTH 0x0002 |
| 70 #define TPM_VERIFICATION_KEY_USAGE_INCREMENT_BOOTSTRAP 0x0004 |
| 71 |
| 72 /* |
| 73 * TPM_VERIFICATION_KEY_HANDLE ([MTM], Section 5.3) |
| 74 * Handle used to refer to TPM_VERIFICATION_KEY structures |
| 75 */ |
| 76 typedef UINT32 TPM_VERIFICATION_KEY_HANDLE; |
| 77 |
| 78 /* |
| 79 * TPM_VERIFICATION_KEY ([MTM], Section 5.3) |
| 80 * The TPM_VERIFICATION_KEY structure is used for representing keys in |
| 81 * the authorization hierarchy used to authorize RIM_Certs for a MTM. |
| 82 */ |
| 83 #define TPM_TAG_VERIFICATION_KEY 0x0301 |
| 84 typedef struct TPM_VERIFICATION_KEY_STRUCT { |
| 85 TPM_STRUCTURE_TAG tag; |
| 86 UINT16 usageFlags; |
| 87 TPM_VERIFICATION_KEY_ID parentId; |
| 88 TPM_VERIFICATION_KEY_ID myId; |
| 89 MTM_COUNTER_REFERENCE referenceCounter; |
| 90 TPM_ALGORITHM_ID keyAlgorithm; |
| 91 TPM_SIG_SCHEME keyScheme; |
| 92 BYTE extensionDigestSize; |
| 93 BYTE* extensionDigestData; |
| 94 UINT32 keySize; |
| 95 BYTE* keyData; |
| 96 UINT32 integrityCheckSize; |
| 97 BYTE* integrityCheckData; |
| 98 } TPM_VERIFICATION_KEY; |
| 99 #define sizeof_TPM_VERIFICATION_KEY(s) (2 + 2 + 4 + 4 \ |
| 100 + sizeof_MTM_COUNTER_REFERENCE(s.referenceCounter) + 4 + 2 + 1 \ |
| 101 + s.extensionDigestSize + 4 + s.keySize + 4 + s.integrityCheckSize) |
| 102 #define free_TPM_VERIFICATION_KEY(s) { \ |
| 103 if (s.extensionDigestSize > 0) tpm_free(s.extensionDigestData); \ |
| 104 if (s.keySize > 0) tpm_free(s.keyData); \ |
| 105 if (s.integrityCheckSize > 0) tpm_free(s.integrityCheckData); } |
| 106 |
| 107 /* |
| 108 * TPM_RIM_CERTIFICATE ([MTM], Section 5.2) |
| 109 * A RIM Certificate is a structure authorizing a measurement value |
| 110 * that is extended using MTM_VerifyRIMCertAndExtend into a PCR |
| 111 * defined in the RIM Certificate. |
| 112 */ |
| 113 #define TPM_TAG_RIM_CERTIFICATE 0x0302 |
| 114 typedef struct TPM_RIM_CERTIFICATE_STRUCT { |
| 115 TPM_STRUCTURE_TAG tag; |
| 116 BYTE label[8]; |
| 117 UINT32 rimVersion; |
| 118 MTM_COUNTER_REFERENCE referenceCounter; |
| 119 TPM_PCR_INFO_SHORT state; |
| 120 UINT32 measurementPcrIndex; |
| 121 TPM_PCRVALUE measurementValue; |
| 122 TPM_VERIFICATION_KEY_ID parentId; |
| 123 BYTE extensionDigestSize; |
| 124 BYTE *extensionDigestData; |
| 125 UINT32 integrityCheckSize; |
| 126 BYTE *integrityCheckData; |
| 127 } TPM_RIM_CERTIFICATE; |
| 128 #define sizeof_TPM_RIM_CERTIFICATE(s) (2 + 8 + 4 \ |
| 129 + sizeof_MTM_COUNTER_REFERENCE(s.referenceCounter) \ |
| 130 + sizeof_TPM_PCR_INFO_SHORT(s.state) \ |
| 131 + 4 + 20 + 4 + 1 + s.extensionDigestSize \ |
| 132 + 4 + s.integrityCheckSize) |
| 133 #define free_TPM_RIM_CERTIFICATE(s) { \ |
| 134 if (s.extensionDigestSize > 0) tpm_free(s.extensionDigestData); \ |
| 135 if (s.integrityCheckSize > 0) tpm_free(s.integrityCheckData); } |
| 136 |
| 137 /* |
| 138 * TPM_VERIFICATION_KEY_LOAD_METHODS ([MTM], Section 5.4) |
| 139 * Methods to load a TPM_VERIFICATION_KEY |
| 140 */ |
| 141 typedef BYTE TPM_VERIFICATION_KEY_LOAD_METHODS; |
| 142 #define TPM_VERIFICATION_KEY_ROOT_LOAD 0x01 |
| 143 #define TPM_VERIFICATION_KEY_INTEGRITY_CHECK_ROOT_DATA_LOAD 0x02 |
| 144 #define TPM_VERIFICATION_KEY_OWNER_AUTHORIZED_LOAD 0x04 |
| 145 #define TPM_VERIFICATION_KEY_CHAIN_AUTHORIZED_LOAD 0x08 |
| 146 |
| 147 /* |
| 148 * MTM_KEY_DATA |
| 149 * This structure contains the data for stored MTM verification keys. |
| 150 */ |
| 151 typedef struct MTM_KEY_DATA_STRUCT { |
| 152 BOOL valid; |
| 153 UINT16 usageFlags; |
| 154 TPM_VERIFICATION_KEY_ID parentId; |
| 155 TPM_VERIFICATION_KEY_ID myId; |
| 156 TPM_ALGORITHM_ID keyAlgorithm; |
| 157 TPM_SIG_SCHEME keyScheme; |
| 158 tpm_rsa_public_key_t key; |
| 159 } MTM_KEY_DATA; |
| 160 #define sizeof_MTM_KEY_DATA(s) ( \ |
| 161 1 + 2 + 4 + 4 + 4 + 2 + sizeof_RSAPub(s.key)) |
| 162 #define free_MTM_KEY_DATA(s) { tpm_rsa_release_public_key(&s.key); } |
| 163 |
| 164 /* |
| 165 * MTM_PERMANENT_DATA ([MTM], Section 5.4) |
| 166 * The MTM_PERMANENT_DATA structure contains the permanent data associated |
| 167 * with a MTM that are used by the MTM commands. Note that there is an |
| 168 * alternative where there is only AIK but no EK defined. |
| 169 */ |
| 170 #define MTM_TAG_PERMANENT_DATA 0x0303 |
| 171 #define MTM_MAX_KEYS 10 |
| 172 typedef struct MTM_PERMANENT_DATA_STRUCT { |
| 173 TPM_STRUCTURE_TAG tag; |
| 174 BYTE specMajor; |
| 175 BYTE specMinor; |
| 176 /* TPM_KEY aik; - not needed as the EK is always present */ |
| 177 TPM_PCR_SELECTION verifiedPCRs; |
| 178 TPM_COUNT_ID counterRimProtectId; |
| 179 TPM_COUNT_ID counterStorageProtectId; |
| 180 TPM_VERIFICATION_KEY_LOAD_METHODS loadVerificationKeyMethods; |
| 181 BOOL integrityCheckRootValid; |
| 182 BYTE integrityCheckRootData[SHA1_DIGEST_LENGTH]; |
| 183 TPM_SECRET internalVerificationKey; |
| 184 /* TPM_SECRET verificationAuth; - is a mirror of the ownerAuth */ |
| 185 MTM_KEY_DATA keys[MTM_MAX_KEYS]; |
| 186 } MTM_PERMANENT_DATA; |
| 187 |
| 188 static inline int sizeof_MTM_PERMANENT_DATA(MTM_PERMANENT_DATA *s) |
| 189 { |
| 190 int i, size = 2 + 1 + 1 + 4 + 4 + 1 + 1 + 20; |
| 191 size += sizeof_TPM_PCR_SELECTION(s->verifiedPCRs); |
| 192 size += sizeof(s->integrityCheckRootData); |
| 193 for (i = 0; i < MTM_MAX_KEYS; i++) { |
| 194 if (s->keys[i].valid) { |
| 195 size += sizeof_MTM_KEY_DATA(s->keys[i]); |
| 196 } else { |
| 197 size += 1; |
| 198 } |
| 199 } |
| 200 return size; |
| 201 } |
| 202 |
| 203 static inline void free_MTM_PERMANENT_DATA(MTM_PERMANENT_DATA *s) |
| 204 { |
| 205 int i; |
| 206 for (i = 0; i < MTM_MAX_KEYS; i++) { |
| 207 if (s->keys[i].valid) free_MTM_KEY_DATA(s->keys[i]); |
| 208 } |
| 209 } |
| 210 |
| 211 /* |
| 212 * The MTM_STANY_FLAGS structure houses additional flags that are |
| 213 * initialized by TPM_Init when the MTM boots. |
| 214 */ |
| 215 #define MTM_TAG_STANY_FLAGS 0x0304 |
| 216 typedef struct MTM_STANY_FLAGS_STRUCT { |
| 217 TPM_TAG tag; |
| 218 BOOL loadVerificationRootKeyEnabled; |
| 219 } MTM_STANY_FLAGS; |
| 220 #define sizeof_MTM_STANY_FLAGS(s) (2 + 1) |
| 221 |
| 222 /* |
| 223 * MTM_DATA |
| 224 * Internal data of the MTM |
| 225 */ |
| 226 typedef struct tdMTM_DATA { |
| 227 struct { |
| 228 MTM_PERMANENT_DATA data; |
| 229 } permanent; |
| 230 struct { |
| 231 } stclear; |
| 232 struct { |
| 233 MTM_STANY_FLAGS flags; |
| 234 } stany; |
| 235 } MTM_DATA; |
| 236 #define sizeof_MTM_DATA(s) (sizeof_MTM_PERMANENT_DATA(&s.permanent.data) \ |
| 237 + sizeof_MTM_STANY_FLAGS(s.stany.flags)) |
| 238 #define free_MTM_DATA(s) { free_MTM_PERMANENT_DATA(&s.permanent.data); } |
| 239 |
| 240 #endif /* _MTM_STRUCTURES_H */ |
| 241 |
OLD | NEW |