Index: mtm/mtm_structures.h |
diff --git a/mtm/mtm_structures.h b/mtm/mtm_structures.h |
new file mode 100644 |
index 0000000000000000000000000000000000000000..33b9dcbf14823100e64318e1cae4f2d939b2635e |
--- /dev/null |
+++ b/mtm/mtm_structures.h |
@@ -0,0 +1,241 @@ |
+/* Software-based Mobile Trusted Module (MTM) Emulator |
+ * Copyright (C) 2004-2010 Mario Strasser <mast@gmx.net> |
+ * |
+ * This module is free software; you can redistribute it and/or modify |
+ * it under the terms of the GNU General Public License as published |
+ * by the Free Software Foundation; either version 2 of the License, |
+ * or (at your option) any later version. |
+ * |
+ * This module is distributed in the hope that it will be useful, |
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of |
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
+ * GNU General Public License for more details. |
+ * |
+ * $Id$ |
+ */ |
+ |
+#ifndef _MTM_STRUCTURES_H_ |
+#define _MTM_STRUCTURES_H_ |
+ |
+#include "tpm/tpm_structures.h" |
+#include "crypto/sha1.h" |
+ |
+/* |
+ * Ordinals |
+ * The command ordinals provide the index value for each command. |
+ */ |
+#define MTM_ORD_InstallRIM (66 + TPM_PROTECTED_COMMAND) |
+#define MTM_ORD_LoadVerificationKey (67 + TPM_PROTECTED_COMMAND) |
+#define MTM_ORD_LoadVerificationRootKeyDisable (68 + TPM_PROTECTED_COMMAND) |
+#define MTM_ORD_VerifyRIMCert (69 + TPM_PROTECTED_COMMAND) |
+#define MTM_ORD_VerifyRIMCertAndExtend (72 + TPM_PROTECTED_COMMAND) |
+#define MTM_ORD_IncrementBootstrapCounter (73 + TPM_PROTECTED_COMMAND) |
+#define MTM_ORD_SetVerifiedPCRSelection (74 + TPM_PROTECTED_COMMAND) |
+ |
+/* |
+ * TPM_CAPABILITY_AREA Values for TPM_GetCapability |
+ */ |
+#define TPM_CAP_MTM_PERMANENT_DATA 0x0000000A |
+ |
+/* |
+ * MTM_COUNTER_REFERENCE ([MTM], Section 5.1) |
+ * MTM counter reference structure |
+ */ |
+#define MTM_COUNTER_SELECT_NONE 0 |
+#define MTM_COUNTER_SELECT_BOOTSTRAP 1 |
+#define MTM_COUNTER_SELECT_RIMPROTECT 2 |
+#define MTM_COUNTER_SELECT_STORAGEPROTECT 3 |
+#define MTM_COUNTER_SELECT_MAX 3 |
+typedef struct MTM_COUNTER_REFERENCE_STRUCT { |
+ BYTE counterSelection; |
+ TPM_ACTUAL_COUNT counterValue; |
+} MTM_COUNTER_REFERENCE; |
+#define sizeof_MTM_COUNTER_REFERENCE(s) (1 + 4) |
+ |
+/* |
+ * TPM_VERIFICATION_KEY_ID ([MTM], Section 5.3) |
+ */ |
+typedef UINT32 TPM_VERIFICATION_KEY_ID; |
+#define TPM_VERIFICATION_KEY_ID_NONE 0xFFFFFFFF |
+#define TPM_VERIFICATION_KEY_ID_INTERNAL 0xFFFFFFFE |
+ |
+/* |
+ * TPM_VERIFICATION_KEY_USAGE ([MTM], Section 5.3) |
+ */ |
+#define TPM_VERIFICATION_KEY_USAGE_MTM_MASK 0x00ff |
+#define TPM_VERIFICATION_KEY_USAGE_AGENT_MASK 0x0f00 |
+#define TPM_VERIFICATION_KEY_USAGE_VENDOR_MASK 0xf000 |
+#define TPM_VERIFICATION_KEY_USAGE_SIGN_RIMCERT 0x0001 |
+#define TPM_VERIFICATION_KEY_USAGE_SIGN_RIMAUTH 0x0002 |
+#define TPM_VERIFICATION_KEY_USAGE_INCREMENT_BOOTSTRAP 0x0004 |
+ |
+/* |
+ * TPM_VERIFICATION_KEY_HANDLE ([MTM], Section 5.3) |
+ * Handle used to refer to TPM_VERIFICATION_KEY structures |
+ */ |
+typedef UINT32 TPM_VERIFICATION_KEY_HANDLE; |
+ |
+/* |
+ * TPM_VERIFICATION_KEY ([MTM], Section 5.3) |
+ * The TPM_VERIFICATION_KEY structure is used for representing keys in |
+ * the authorization hierarchy used to authorize RIM_Certs for a MTM. |
+ */ |
+#define TPM_TAG_VERIFICATION_KEY 0x0301 |
+typedef struct TPM_VERIFICATION_KEY_STRUCT { |
+ TPM_STRUCTURE_TAG tag; |
+ UINT16 usageFlags; |
+ TPM_VERIFICATION_KEY_ID parentId; |
+ TPM_VERIFICATION_KEY_ID myId; |
+ MTM_COUNTER_REFERENCE referenceCounter; |
+ TPM_ALGORITHM_ID keyAlgorithm; |
+ TPM_SIG_SCHEME keyScheme; |
+ BYTE extensionDigestSize; |
+ BYTE* extensionDigestData; |
+ UINT32 keySize; |
+ BYTE* keyData; |
+ UINT32 integrityCheckSize; |
+ BYTE* integrityCheckData; |
+} TPM_VERIFICATION_KEY; |
+#define sizeof_TPM_VERIFICATION_KEY(s) (2 + 2 + 4 + 4 \ |
+ + sizeof_MTM_COUNTER_REFERENCE(s.referenceCounter) + 4 + 2 + 1 \ |
+ + s.extensionDigestSize + 4 + s.keySize + 4 + s.integrityCheckSize) |
+#define free_TPM_VERIFICATION_KEY(s) { \ |
+ if (s.extensionDigestSize > 0) tpm_free(s.extensionDigestData); \ |
+ if (s.keySize > 0) tpm_free(s.keyData); \ |
+ if (s.integrityCheckSize > 0) tpm_free(s.integrityCheckData); } |
+ |
+/* |
+ * TPM_RIM_CERTIFICATE ([MTM], Section 5.2) |
+ * A RIM Certificate is a structure authorizing a measurement value |
+ * that is extended using MTM_VerifyRIMCertAndExtend into a PCR |
+ * defined in the RIM Certificate. |
+ */ |
+#define TPM_TAG_RIM_CERTIFICATE 0x0302 |
+typedef struct TPM_RIM_CERTIFICATE_STRUCT { |
+ TPM_STRUCTURE_TAG tag; |
+ BYTE label[8]; |
+ UINT32 rimVersion; |
+ MTM_COUNTER_REFERENCE referenceCounter; |
+ TPM_PCR_INFO_SHORT state; |
+ UINT32 measurementPcrIndex; |
+ TPM_PCRVALUE measurementValue; |
+ TPM_VERIFICATION_KEY_ID parentId; |
+ BYTE extensionDigestSize; |
+ BYTE *extensionDigestData; |
+ UINT32 integrityCheckSize; |
+ BYTE *integrityCheckData; |
+} TPM_RIM_CERTIFICATE; |
+#define sizeof_TPM_RIM_CERTIFICATE(s) (2 + 8 + 4 \ |
+ + sizeof_MTM_COUNTER_REFERENCE(s.referenceCounter) \ |
+ + sizeof_TPM_PCR_INFO_SHORT(s.state) \ |
+ + 4 + 20 + 4 + 1 + s.extensionDigestSize \ |
+ + 4 + s.integrityCheckSize) |
+#define free_TPM_RIM_CERTIFICATE(s) { \ |
+ if (s.extensionDigestSize > 0) tpm_free(s.extensionDigestData); \ |
+ if (s.integrityCheckSize > 0) tpm_free(s.integrityCheckData); } |
+ |
+/* |
+ * TPM_VERIFICATION_KEY_LOAD_METHODS ([MTM], Section 5.4) |
+ * Methods to load a TPM_VERIFICATION_KEY |
+ */ |
+typedef BYTE TPM_VERIFICATION_KEY_LOAD_METHODS; |
+#define TPM_VERIFICATION_KEY_ROOT_LOAD 0x01 |
+#define TPM_VERIFICATION_KEY_INTEGRITY_CHECK_ROOT_DATA_LOAD 0x02 |
+#define TPM_VERIFICATION_KEY_OWNER_AUTHORIZED_LOAD 0x04 |
+#define TPM_VERIFICATION_KEY_CHAIN_AUTHORIZED_LOAD 0x08 |
+ |
+/* |
+ * MTM_KEY_DATA |
+ * This structure contains the data for stored MTM verification keys. |
+ */ |
+typedef struct MTM_KEY_DATA_STRUCT { |
+ BOOL valid; |
+ UINT16 usageFlags; |
+ TPM_VERIFICATION_KEY_ID parentId; |
+ TPM_VERIFICATION_KEY_ID myId; |
+ TPM_ALGORITHM_ID keyAlgorithm; |
+ TPM_SIG_SCHEME keyScheme; |
+ tpm_rsa_public_key_t key; |
+} MTM_KEY_DATA; |
+#define sizeof_MTM_KEY_DATA(s) ( \ |
+ 1 + 2 + 4 + 4 + 4 + 2 + sizeof_RSAPub(s.key)) |
+#define free_MTM_KEY_DATA(s) { tpm_rsa_release_public_key(&s.key); } |
+ |
+/* |
+ * MTM_PERMANENT_DATA ([MTM], Section 5.4) |
+ * The MTM_PERMANENT_DATA structure contains the permanent data associated |
+ * with a MTM that are used by the MTM commands. Note that there is an |
+ * alternative where there is only AIK but no EK defined. |
+ */ |
+#define MTM_TAG_PERMANENT_DATA 0x0303 |
+#define MTM_MAX_KEYS 10 |
+typedef struct MTM_PERMANENT_DATA_STRUCT { |
+ TPM_STRUCTURE_TAG tag; |
+ BYTE specMajor; |
+ BYTE specMinor; |
+ /* TPM_KEY aik; - not needed as the EK is always present */ |
+ TPM_PCR_SELECTION verifiedPCRs; |
+ TPM_COUNT_ID counterRimProtectId; |
+ TPM_COUNT_ID counterStorageProtectId; |
+ TPM_VERIFICATION_KEY_LOAD_METHODS loadVerificationKeyMethods; |
+ BOOL integrityCheckRootValid; |
+ BYTE integrityCheckRootData[SHA1_DIGEST_LENGTH]; |
+ TPM_SECRET internalVerificationKey; |
+ /* TPM_SECRET verificationAuth; - is a mirror of the ownerAuth */ |
+ MTM_KEY_DATA keys[MTM_MAX_KEYS]; |
+} MTM_PERMANENT_DATA; |
+ |
+static inline int sizeof_MTM_PERMANENT_DATA(MTM_PERMANENT_DATA *s) |
+{ |
+ int i, size = 2 + 1 + 1 + 4 + 4 + 1 + 1 + 20; |
+ size += sizeof_TPM_PCR_SELECTION(s->verifiedPCRs); |
+ size += sizeof(s->integrityCheckRootData); |
+ for (i = 0; i < MTM_MAX_KEYS; i++) { |
+ if (s->keys[i].valid) { |
+ size += sizeof_MTM_KEY_DATA(s->keys[i]); |
+ } else { |
+ size += 1; |
+ } |
+ } |
+ return size; |
+} |
+ |
+static inline void free_MTM_PERMANENT_DATA(MTM_PERMANENT_DATA *s) |
+{ |
+ int i; |
+ for (i = 0; i < MTM_MAX_KEYS; i++) { |
+ if (s->keys[i].valid) free_MTM_KEY_DATA(s->keys[i]); |
+ } |
+} |
+ |
+/* |
+ * The MTM_STANY_FLAGS structure houses additional flags that are |
+ * initialized by TPM_Init when the MTM boots. |
+ */ |
+#define MTM_TAG_STANY_FLAGS 0x0304 |
+typedef struct MTM_STANY_FLAGS_STRUCT { |
+ TPM_TAG tag; |
+ BOOL loadVerificationRootKeyEnabled; |
+} MTM_STANY_FLAGS; |
+#define sizeof_MTM_STANY_FLAGS(s) (2 + 1) |
+ |
+/* |
+ * MTM_DATA |
+ * Internal data of the MTM |
+ */ |
+typedef struct tdMTM_DATA { |
+ struct { |
+ MTM_PERMANENT_DATA data; |
+ } permanent; |
+ struct { |
+ } stclear; |
+ struct { |
+ MTM_STANY_FLAGS flags; |
+ } stany; |
+} MTM_DATA; |
+#define sizeof_MTM_DATA(s) (sizeof_MTM_PERMANENT_DATA(&s.permanent.data) \ |
+ + sizeof_MTM_STANY_FLAGS(s.stany.flags)) |
+#define free_MTM_DATA(s) { free_MTM_PERMANENT_DATA(&s.permanent.data); } |
+ |
+#endif /* _MTM_STRUCTURES_H */ |
+ |