1 /*++
2 
3 Copyright (c) 2005 - 2010, Intel Corporation. All rights reserved.<BR>
4 This program and the accompanying materials
5 are licensed and made available under the terms and conditions of the BSD License
6 which accompanies this distribution.  The full text of the license may be found at
7 http://opensource.org/licenses/bsd-license.php
8 
9 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
10 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
11 
12 Module Name:
13 
14   Tpm12.h
15 
16 Abstract:
17 
18   TPM Specification data structures (TCG TPM Specification Version 1.2 Revision 103)
19 
20   See http://trustedcomputinggroup.org for latest specification updates
21 
22 --*/
23 
24 #ifndef _TPM12_H_
25 #define _TPM12_H_
26 
27 // Structures are all packed on 1-byte alignment.
28 // NOTE(review): the pack pragmas below are skipped when __GNUC__ is defined, so under GNU compilers these
29 // structures get natural alignment unless packing is applied elsewhere (not visible here). Confirm before overlaying them on TPM command/response buffers.
30 
31 #ifndef __GNUC__
32 #pragma pack (push)
33 #pragma pack (1)
34 #endif
35 
36 //
37 // Part 2, section 2.2: Basic types & Helper redefinitions
38 //
39 typedef UINT8                       TPM_AUTH_DATA_USAGE;
40 typedef UINT8                       TPM_PAYLOAD_TYPE;
41 typedef UINT8                       TPM_VERSION_BYTE;
42 typedef UINT8                       TPM_DA_STATE;
43 typedef UINT16                      TPM_TAG;
44 typedef UINT16                      TPM_PROTOCOL_ID;
45 typedef UINT16                      TPM_STARTUP_TYPE;
46 typedef UINT16                      TPM_ENC_SCHEME;
47 typedef UINT16                      TPM_SIG_SCHEME;
48 typedef UINT16                      TPM_MIGRATE_SCHEME;
49 typedef UINT16                      TPM_PHYSICAL_PRESENCE;
50 typedef UINT16                      TPM_ENTITY_TYPE;
51 typedef UINT16                      TPM_KEY_USAGE;
52 typedef UINT16                      TPM_EK_TYPE;
53 typedef UINT16                      TPM_STRUCTURE_TAG;
54 typedef UINT16                      TPM_PLATFORM_SPECIFIC;
55 typedef UINT32                      TPM_COMMAND_CODE;
56 typedef UINT32                      TPM_CAPABILITY_AREA;
57 typedef UINT32                      TPM_KEY_FLAGS;
58 typedef UINT32                      TPM_ALGORITHM_ID;
59 typedef UINT32                      TPM_MODIFIER_INDICATOR;
60 typedef UINT32                      TPM_ACTUAL_COUNT;
61 typedef UINT32                      TPM_TRANSPORT_ATTRIBUTES;
62 typedef UINT32                      TPM_AUTHHANDLE;
63 typedef UINT32                      TPM_DIRINDEX;
64 typedef UINT32                      TPM_KEY_HANDLE;
65 typedef UINT32                      TPM_PCRINDEX;
66 typedef UINT32                      TPM_RESULT;
67 typedef UINT32                      TPM_RESOURCE_TYPE;
68 typedef UINT32                      TPM_KEY_CONTROL;
69 typedef UINT32                      TPM_NV_INDEX;
70 typedef UINT32                      TPM_FAMILY_ID;
71 typedef UINT32                      TPM_FAMILY_VERIFICATION;
72 typedef UINT32                      TPM_STARTUP_EFFECTS;
73 typedef UINT32                      TPM_SYM_MODE;
74 typedef UINT32                      TPM_FAMILY_FLAGS;
75 typedef UINT32                      TPM_DELEGATE_INDEX;
76 typedef UINT32                      TPM_CMK_DELEGATE;
77 typedef UINT32                      TPM_COUNT_ID;
78 typedef UINT32                      TPM_REDIT_COMMAND;
79 typedef UINT32                      TPM_TRANSHANDLE;
80 typedef UINT32                      TPM_HANDLE;
81 typedef UINT32                      TPM_FAMILY_OPERATION;
82 
83 //
84 // Part 2, section 2.2.4: Vendor specific
85 // The following defines allow for the quick specification of a
86 // vendor specific item.
87 //
88 #define TPM_Vendor_Specific32       ((UINT32) 0x00000400)
89 #define TPM_Vendor_Specific8        ((UINT8) 0x80)
90 
91 //
92 // Part 2, section 3.1: Structure TAGs
93 //
94 #define TPM_TAG_CONTEXTBLOB         ((TPM_STRUCTURE_TAG) 0x0001)
95 #define TPM_TAG_CONTEXT_SENSITIVE   ((TPM_STRUCTURE_TAG) 0x0002)
96 #define TPM_TAG_CONTEXTPOINTER      ((TPM_STRUCTURE_TAG) 0x0003)
97 #define TPM_TAG_CONTEXTLIST         ((TPM_STRUCTURE_TAG) 0x0004)
98 #define TPM_TAG_SIGNINFO            ((TPM_STRUCTURE_TAG) 0x0005)
99 #define TPM_TAG_PCR_INFO_LONG       ((TPM_STRUCTURE_TAG) 0x0006)
100 #define TPM_TAG_PERSISTENT_FLAGS    ((TPM_STRUCTURE_TAG) 0x0007)
101 #define TPM_TAG_VOLATILE_FLAGS      ((TPM_STRUCTURE_TAG) 0x0008)
102 #define TPM_TAG_PERSISTENT_DATA     ((TPM_STRUCTURE_TAG) 0x0009)
103 #define TPM_TAG_VOLATILE_DATA       ((TPM_STRUCTURE_TAG) 0x000A)
104 #define TPM_TAG_SV_DATA             ((TPM_STRUCTURE_TAG) 0x000B)
105 #define TPM_TAG_EK_BLOB             ((TPM_STRUCTURE_TAG) 0x000C)
106 #define TPM_TAG_EK_BLOB_AUTH        ((TPM_STRUCTURE_TAG) 0x000D)
107 #define TPM_TAG_COUNTER_VALUE       ((TPM_STRUCTURE_TAG) 0x000E)
108 #define TPM_TAG_TRANSPORT_INTERNAL  ((TPM_STRUCTURE_TAG) 0x000F)
109 #define TPM_TAG_TRANSPORT_LOG_IN    ((TPM_STRUCTURE_TAG) 0x0010)
110 #define TPM_TAG_TRANSPORT_LOG_OUT   ((TPM_STRUCTURE_TAG) 0x0011)
111 #define TPM_TAG_AUDIT_EVENT_IN      ((TPM_STRUCTURE_TAG) 0x0012)
112 #define TPM_TAG_AUDIT_EVENT_OUT     ((TPM_STRUCTURE_TAG) 0x0013)
113 #define TPM_TAG_CURRENT_TICKS       ((TPM_STRUCTURE_TAG) 0x0014)
114 #define TPM_TAG_KEY                 ((TPM_STRUCTURE_TAG) 0x0015)
115 #define TPM_TAG_STORED_DATA12       ((TPM_STRUCTURE_TAG) 0x0016)
116 #define TPM_TAG_NV_ATTRIBUTES       ((TPM_STRUCTURE_TAG) 0x0017)
117 #define TPM_TAG_NV_DATA_PUBLIC      ((TPM_STRUCTURE_TAG) 0x0018)
118 #define TPM_TAG_NV_DATA_SENSITIVE   ((TPM_STRUCTURE_TAG) 0x0019)
119 #define TPM_TAG_DELEGATIONS         ((TPM_STRUCTURE_TAG) 0x001A)
120 #define TPM_TAG_DELEGATE_PUBLIC     ((TPM_STRUCTURE_TAG) 0x001B)
121 #define TPM_TAG_DELEGATE_TABLE_ROW  ((TPM_STRUCTURE_TAG) 0x001C)
122 #define TPM_TAG_TRANSPORT_AUTH      ((TPM_STRUCTURE_TAG) 0x001D)
123 #define TPM_TAG_TRANSPORT_PUBLIC    ((TPM_STRUCTURE_TAG) 0x001E)
124 #define TPM_TAG_PERMANENT_FLAGS     ((TPM_STRUCTURE_TAG) 0x001F)
125 #define TPM_TAG_STCLEAR_FLAGS       ((TPM_STRUCTURE_TAG) 0x0020)
126 #define TPM_TAG_STANY_FLAGS         ((TPM_STRUCTURE_TAG) 0x0021)
127 #define TPM_TAG_PERMANENT_DATA      ((TPM_STRUCTURE_TAG) 0x0022)
128 #define TPM_TAG_STCLEAR_DATA        ((TPM_STRUCTURE_TAG) 0x0023)
129 #define TPM_TAG_STANY_DATA          ((TPM_STRUCTURE_TAG) 0x0024)
130 #define TPM_TAG_FAMILY_TABLE_ENTRY  ((TPM_STRUCTURE_TAG) 0x0025)
131 #define TPM_TAG_DELEGATE_SENSITIVE  ((TPM_STRUCTURE_TAG) 0x0026)
132 #define TPM_TAG_DELG_KEY_BLOB       ((TPM_STRUCTURE_TAG) 0x0027)
133 #define TPM_TAG_KEY12               ((TPM_STRUCTURE_TAG) 0x0028)
134 #define TPM_TAG_CERTIFY_INFO2       ((TPM_STRUCTURE_TAG) 0x0029)
135 #define TPM_TAG_DELEGATE_OWNER_BLOB ((TPM_STRUCTURE_TAG) 0x002A)
136 #define TPM_TAG_EK_BLOB_ACTIVATE    ((TPM_STRUCTURE_TAG) 0x002B)
137 #define TPM_TAG_DAA_BLOB            ((TPM_STRUCTURE_TAG) 0x002C)
138 #define TPM_TAG_DAA_CONTEXT         ((TPM_STRUCTURE_TAG) 0x002D)
139 #define TPM_TAG_DAA_ENFORCE         ((TPM_STRUCTURE_TAG) 0x002E)
140 #define TPM_TAG_DAA_ISSUER          ((TPM_STRUCTURE_TAG) 0x002F)
141 #define TPM_TAG_CAP_VERSION_INFO    ((TPM_STRUCTURE_TAG) 0x0030)
142 #define TPM_TAG_DAA_SENSITIVE       ((TPM_STRUCTURE_TAG) 0x0031)
143 #define TPM_TAG_DAA_TPM             ((TPM_STRUCTURE_TAG) 0x0032)
144 #define TPM_TAG_CMK_MIGAUTH         ((TPM_STRUCTURE_TAG) 0x0033)
145 #define TPM_TAG_CMK_SIGTICKET       ((TPM_STRUCTURE_TAG) 0x0034)
146 #define TPM_TAG_CMK_MA_APPROVAL     ((TPM_STRUCTURE_TAG) 0x0035)
147 #define TPM_TAG_QUOTE_INFO2         ((TPM_STRUCTURE_TAG) 0x0036)
148 #define TPM_TAG_DA_INFO             ((TPM_STRUCTURE_TAG) 0x0037)
149 #define TPM_TAG_DA_LIMITED          ((TPM_STRUCTURE_TAG) 0x0038)
150 #define TPM_TAG_DA_ACTION_TYPE      ((TPM_STRUCTURE_TAG) 0x0039)
151 
152 //
153 // Part 2, section 4: TPM Types
154 //
155 
156 //
157 // Part 2, section 4.1: TPM_RESOURCE_TYPE
158 //
159 #define TPM_RT_KEY                  ((TPM_RESOURCE_TYPE) 0x00000001) // The handle is a key handle and is the result of a LoadKey type operation
160 #define TPM_RT_AUTH                 ((TPM_RESOURCE_TYPE) 0x00000002) // The handle is an authorization handle. Auth handles come from TPM_OIAP, TPM_OSAP and TPM_DSAP
161 #define TPM_RT_HASH                 ((TPM_RESOURCE_TYPE) 0x00000003) // Reserved for hashes
162 #define TPM_RT_TRANS                ((TPM_RESOURCE_TYPE) 0x00000004) // The handle is for a transport session. Transport handles come from TPM_EstablishTransport
163 #define TPM_RT_CONTEXT              ((TPM_RESOURCE_TYPE) 0x00000005) // Resource wrapped and held outside the TPM using the context save/restore commands
164 #define TPM_RT_COUNTER              ((TPM_RESOURCE_TYPE) 0x00000006) // Reserved for counters
165 #define TPM_RT_DELEGATE             ((TPM_RESOURCE_TYPE) 0x00000007) // The handle is for a delegate row. These are the internal rows held in NV storage by the TPM
166 #define TPM_RT_DAA_TPM              ((TPM_RESOURCE_TYPE) 0x00000008) // The value is a DAA TPM specific blob
167 #define TPM_RT_DAA_V0               ((TPM_RESOURCE_TYPE) 0x00000009) // The value is a DAA V0 parameter
168 #define TPM_RT_DAA_V1               ((TPM_RESOURCE_TYPE) 0x0000000A) // The value is a DAA V1 parameter
169 
170 //
171 // Part 2, section 4.2: TPM_PAYLOAD_TYPE
172 //
173 #define TPM_PT_ASYM                 ((TPM_PAYLOAD_TYPE) 0x01) // The entity is an asymmetric key
174 #define TPM_PT_BIND                 ((TPM_PAYLOAD_TYPE) 0x02) // The entity is bound data
175 #define TPM_PT_MIGRATE              ((TPM_PAYLOAD_TYPE) 0x03) // The entity is a migration blob
176 #define TPM_PT_MAINT                ((TPM_PAYLOAD_TYPE) 0x04) // The entity is a maintenance blob
177 #define TPM_PT_SEAL                 ((TPM_PAYLOAD_TYPE) 0x05) // The entity is sealed data
178 #define TPM_PT_MIGRATE_RESTRICTED   ((TPM_PAYLOAD_TYPE) 0x06) // The entity is a restricted-migration asymmetric key
179 #define TPM_PT_MIGRATE_EXTERNAL     ((TPM_PAYLOAD_TYPE) 0x07) // The entity is an external migratable key
180 #define TPM_PT_CMK_MIGRATE          ((TPM_PAYLOAD_TYPE) 0x08) // The entity is a CMK migratable blob
181 #define TPM_PT_VENDOR_SPECIFIC      ((TPM_PAYLOAD_TYPE) 0x80) // 0x80 - 0xFF Vendor specific payloads
182 
183 //
184 // Part 2, section 4.3: TPM_ENTITY_TYPE
185 //
186 #define TPM_ET_KEYHANDLE            ((UINT16) 0x0001) // The entity is a keyHandle or key
187 #define TPM_ET_OWNER                ((UINT16) 0x0002) // The entity is the TPM Owner
188 #define TPM_ET_DATA                 ((UINT16) 0x0003) // The entity is some data
189 #define TPM_ET_SRK                  ((UINT16) 0x0004) // The entity is the SRK
190 #define TPM_ET_KEY                  ((UINT16) 0x0005) // The entity is a key or keyHandle
191 #define TPM_ET_REVOKE               ((UINT16) 0x0006) // The entity is the RevokeTrust value
192 #define TPM_ET_DEL_OWNER_BLOB       ((UINT16) 0x0007) // The entity is a delegate owner blob
193 #define TPM_ET_DEL_ROW              ((UINT16) 0x0008) // The entity is a delegate row
194 #define TPM_ET_DEL_KEY_BLOB         ((UINT16) 0x0009) // The entity is a delegate key blob
195 #define TPM_ET_COUNTER              ((UINT16) 0x000A) // The entity is a counter
196 #define TPM_ET_NV                   ((UINT16) 0x000B) // The entity is a NV index
197 #define TPM_ET_OPERATOR             ((UINT16) 0x000C) // The entity is the operator
198 #define TPM_ET_RESERVED_HANDLE      ((UINT16) 0x0040) // Reserved. This value avoids collisions with the handle MSB setting.
199 //
200 // TPM_ENTITY_TYPE MSB Values: The MSB is used to indicate the ADIP encryption scheme when applicable.
201 // NOTE(review): both values are defined unshifted; TPM_ET_AES128 is numerically equal to TPM_ET_REVOKE (0x0006), so a caller presumably has to move it into the high byte before combining it with a TPM_ET_* entity value -- confirm at the call sites.
202 #define TPM_ET_XOR                  ((UINT16) 0x0000) // ADIP encryption scheme: XOR
203 #define TPM_ET_AES128               ((UINT16) 0x0006) // ADIP encryption scheme: AES 128 bits
204 
205 //
206 // Part 2, section 4.4.1: Reserved Key Handles
207 //
208 #define TPM_KH_SRK                  ((TPM_KEY_HANDLE) 0x40000000) // The handle points to the SRK
209 #define TPM_KH_OWNER                ((TPM_KEY_HANDLE) 0x40000001) // The handle points to the TPM Owner
210 #define TPM_KH_REVOKE               ((TPM_KEY_HANDLE) 0x40000002) // The handle points to the RevokeTrust value
211 #define TPM_KH_TRANSPORT            ((TPM_KEY_HANDLE) 0x40000003) // The handle points to the EstablishTransport static authorization
212 #define TPM_KH_OPERATOR             ((TPM_KEY_HANDLE) 0x40000004) // The handle points to the Operator auth
213 #define TPM_KH_ADMIN                ((TPM_KEY_HANDLE) 0x40000005) // The handle points to the delegation administration auth
214 #define TPM_KH_EK                   ((TPM_KEY_HANDLE) 0x40000006) // The handle points to the PUBEK, only usable with TPM_OwnerReadInternalPub
215 
216 //
217 // Part 2, section 4.5: TPM_STARTUP_TYPE
218 //
219 #define TPM_ST_CLEAR                ((TPM_STARTUP_TYPE) 0x0001) // The TPM is starting up from a clean state
220 #define TPM_ST_STATE                ((TPM_STARTUP_TYPE) 0x0002) // The TPM is starting up from a saved state
221 #define TPM_ST_DEACTIVATED          ((TPM_STARTUP_TYPE) 0x0003) // The TPM is to startup and set the deactivated flag to TRUE
222 
223 //
224 // Part 2, section 4.6: TPM_STARTUP_EFFECTS
225 // The table makeup is still an open issue.
226 //
227 
228 //
229 // Part 2, section 4.7: TPM_PROTOCOL_ID
230 //
231 #define TPM_PID_OIAP                ((TPM_PROTOCOL_ID) 0x0001) // The OIAP protocol.
232 #define TPM_PID_OSAP                ((TPM_PROTOCOL_ID) 0x0002) // The OSAP protocol.
233 #define TPM_PID_ADIP                ((TPM_PROTOCOL_ID) 0x0003) // The ADIP protocol.
234 #define TPM_PID_ADCP                ((TPM_PROTOCOL_ID) 0x0004) // The ADCP protocol.
235 #define TPM_PID_OWNER               ((TPM_PROTOCOL_ID) 0x0005) // The protocol for taking ownership of a TPM.
236 #define TPM_PID_DSAP                ((TPM_PROTOCOL_ID) 0x0006) // The DSAP protocol
237 #define TPM_PID_TRANSPORT           ((TPM_PROTOCOL_ID) 0x0007) // The transport protocol
238 
239 //
240 // Part 2, section 4.8: TPM_ALGORITHM_ID
241 //   The TPM MUST support the algorithms TPM_ALG_RSA, TPM_ALG_SHA, TPM_ALG_HMAC,
242 //   TPM_ALG_MGF1
243 //
244 #define TPM_ALG_RSA                 ((TPM_ALGORITHM_ID) 0x00000001) // The RSA algorithm.
245 #define TPM_ALG_DES                 ((TPM_ALGORITHM_ID) 0x00000002) // The DES algorithm
246 #define TPM_ALG_3DES                ((TPM_ALGORITHM_ID) 0x00000003) // The 3DES algorithm in EDE mode
247 #define TPM_ALG_SHA                 ((TPM_ALGORITHM_ID) 0x00000004) // The SHA1 algorithm
248 #define TPM_ALG_HMAC                ((TPM_ALGORITHM_ID) 0x00000005) // The RFC 2104 HMAC algorithm
249 #define TPM_ALG_AES128              ((TPM_ALGORITHM_ID) 0x00000006) // The AES algorithm, key size 128
250 #define TPM_ALG_MGF1                ((TPM_ALGORITHM_ID) 0x00000007) // The XOR algorithm using MGF1 to create a string the size of the encrypted block
251 #define TPM_ALG_AES192              ((TPM_ALGORITHM_ID) 0x00000008) // AES, key size 192
252 #define TPM_ALG_AES256              ((TPM_ALGORITHM_ID) 0x00000009) // AES, key size 256
253 #define TPM_ALG_XOR                 ((TPM_ALGORITHM_ID) 0x0000000A) // XOR using the rolling nonces
254 
255 //
256 // Part 2, section 4.9: TPM_PHYSICAL_PRESENCE
257 // Each value below is a distinct single bit. NOTE(review): the LOCK and LIFETIME_LOCK settings control whether physical presence can be changed later; confirm that platform firmware sets TPM_PHYSICAL_PRESENCE_LOCK before handing control to later boot stages.
258 #define TPM_PHYSICAL_PRESENCE_HW_DISABLE    ((TPM_PHYSICAL_PRESENCE) 0x0200) // Sets the physicalPresenceHWEnable to FALSE
259 #define TPM_PHYSICAL_PRESENCE_CMD_DISABLE   ((TPM_PHYSICAL_PRESENCE) 0x0100) // Sets the physicalPresenceCMDEnable to FALSE
260 #define TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK ((TPM_PHYSICAL_PRESENCE) 0x0080) // Sets the physicalPresenceLifetimeLock to TRUE
261 #define TPM_PHYSICAL_PRESENCE_HW_ENABLE     ((TPM_PHYSICAL_PRESENCE) 0x0040) // Sets the physicalPresenceHWEnable to TRUE
262 #define TPM_PHYSICAL_PRESENCE_CMD_ENABLE    ((TPM_PHYSICAL_PRESENCE) 0x0020) // Sets the physicalPresenceCMDEnable to TRUE
263 #define TPM_PHYSICAL_PRESENCE_NOTPRESENT    ((TPM_PHYSICAL_PRESENCE) 0x0010) // Sets PhysicalPresence = FALSE
264 #define TPM_PHYSICAL_PRESENCE_PRESENT       ((TPM_PHYSICAL_PRESENCE) 0x0008) // Sets PhysicalPresence = TRUE
265 #define TPM_PHYSICAL_PRESENCE_LOCK          ((TPM_PHYSICAL_PRESENCE) 0x0004) // Sets PhysicalPresenceLock = TRUE
266 
267 //
268 // Part 2, section 4.10: TPM_MIGRATE_SCHEME
269 //
270 #define TPM_MS_MIGRATE                      ((TPM_MIGRATE_SCHEME) 0x0001) // A public key that can be used with all TPM migration commands other than 'ReWrap' mode.
271 #define TPM_MS_REWRAP                       ((TPM_MIGRATE_SCHEME) 0x0002) // A public key that can be used for the ReWrap mode of TPM_CreateMigrationBlob.
272 #define TPM_MS_MAINT                        ((TPM_MIGRATE_SCHEME) 0x0003) // A public key that can be used for the Maintenance commands
273 #define TPM_MS_RESTRICT_MIGRATE             ((TPM_MIGRATE_SCHEME) 0x0004) // The key is to be migrated to a Migration Authority.
274 #define TPM_MS_RESTRICT_APPROVE_DOUBLE      ((TPM_MIGRATE_SCHEME) 0x0005) // The key is to be migrated to an entity approved by a Migration Authority using double wrapping
275 
276 //
277 // Part 2, section 4.11: TPM_EK_TYPE
278 //
279 #define TPM_EK_TYPE_ACTIVATE        ((TPM_EK_TYPE) 0x0001) // The blob MUST be TPM_EK_BLOB_ACTIVATE
280 #define TPM_EK_TYPE_AUTH            ((TPM_EK_TYPE) 0x0002) // The blob MUST be TPM_EK_BLOB_AUTH
281 
282 //
283 // Part 2, section 4.12: TPM_PLATFORM_SPECIFIC
284 //
285 #define TPM_PS_PC_11                ((TPM_PLATFORM_SPECIFIC) 0x0001) // PC Specific version 1.1
286 #define TPM_PS_PC_12                ((TPM_PLATFORM_SPECIFIC) 0x0002) // PC Specific version 1.2
287 #define TPM_PS_PDA_12               ((TPM_PLATFORM_SPECIFIC) 0x0003) // PDA Specific version 1.2
288 #define TPM_PS_Server_12            ((TPM_PLATFORM_SPECIFIC) 0x0004) // Server Specific version 1.2
289 #define TPM_PS_Mobile_12            ((TPM_PLATFORM_SPECIFIC) 0x0005) // Mobile Specific version 1.2
290 
291 //
292 // Part 2, section 5: Basic Structures
293 //
294 
295 //
296 // Part 2, section 5.1: TPM_STRUCT_VER
297 //
298 typedef struct tdTPM_STRUCT_VER {
299   UINT8                             major;
300   UINT8                             minor;
301   UINT8                             revMajor;
302   UINT8                             revMinor;
303 } TPM_STRUCT_VER;
304 
305 //
306 // Part 2, section 5.3: TPM_VERSION
307 //
308 typedef struct tdTPM_VERSION {
309   TPM_VERSION_BYTE                  major;
310   TPM_VERSION_BYTE                  minor;
311   UINT8                             revMajor;
312   UINT8                             revMinor;
313 } TPM_VERSION;
314 
315 //
316 // Part 2, section 5.4: TPM_DIGEST
317 // The digest is fixed at TPM_SHA1_160_HASH_LEN (0x14 = 20) bytes; every TPM_DIGEST alias declared after this struct (PCR value, HMAC, composite hash, ...) inherits that size, so none of these types can carry a longer hash.
318 #define TPM_SHA1_160_HASH_LEN       0x14
319 #define TPM_SHA1BASED_NONCE_LEN     TPM_SHA1_160_HASH_LEN
320 
321 typedef struct tdTPM_DIGEST{
322   UINT8                             digest[TPM_SHA1_160_HASH_LEN];
323 } TPM_DIGEST;
324 
325 typedef TPM_DIGEST                  TPM_CHOSENID_HASH; // This SHALL be the digest of the chosen identityLabel and privacyCA for a new TPM identity.
326 typedef TPM_DIGEST                  TPM_COMPOSITE_HASH; // This SHALL be the hash of a list of PCR indexes and PCR values that a key or data is bound to.
327 typedef TPM_DIGEST                  TPM_DIRVALUE; // This SHALL be the value of a DIR register
328 typedef TPM_DIGEST                  TPM_HMAC;
329 typedef TPM_DIGEST                  TPM_PCRVALUE; // The value inside of the PCR
330 typedef TPM_DIGEST                  TPM_AUDITDIGEST; // This SHALL be the value of the current internal audit state
331 
332 //
333 // Part 2, section 5.5: TPM_NONCE
334 //
335 typedef struct tdTPM_NONCE{
336   UINT8                             nonce[20];
337 } TPM_NONCE;
338 
339 typedef TPM_NONCE                  TPM_DAA_TPM_SEED; // This SHALL be a random value generated by a TPM immediately after the EK is installed in that TPM, whenever an EK is installed in that TPM
340 typedef TPM_NONCE                  TPM_DAA_CONTEXT_SEED; // This SHALL be a random value
341 
342 //
343 // Part 2, section 5.6: TPM_AUTHDATA
344 // These are array typedefs (UINT8[20]). As a function parameter such a type is adjusted to UINT8 *, so sizeof on the parameter yields the pointer size, not 20; pass the length explicitly when copying, comparing or clearing a TPM_SECRET.
345 typedef UINT8                       tdTPM_AUTHDATA[20];
346 typedef tdTPM_AUTHDATA              TPM_AUTHDATA;
347 typedef TPM_AUTHDATA                TPM_SECRET;
348 typedef TPM_AUTHDATA                TPM_ENCAUTH;
349 
350 //
351 // Part 2, section 5.7: TPM_KEY_HANDLE_LIST
352 // Size of handle is loaded * sizeof(TPM_KEY_HANDLE)
353 // handle[1] is a one-element placeholder for that variable-length array, so sizeof (TPM_KEY_HANDLE_LIST) covers a single entry. NOTE(review): loaded presumably comes from TPM response data; check loaded * sizeof(TPM_KEY_HANDLE) against the bytes actually received before indexing handle[].
354 typedef struct tdTPM_KEY_HANDLE_LIST {
355   UINT16                            loaded;
356   TPM_KEY_HANDLE                    handle[1];
357 } TPM_KEY_HANDLE_LIST;
358 
359 //
360 // Part 2, section 5.8: TPM_KEY_USAGE values
361 //
362 
363 #define TPM_KEY_SIGNING             ((UINT16) 0x0010)
364 // TPM_KEY_SIGNING SHALL indicate a signing key. The [private] key SHALL be
365 // used for signing operations, only. This means that it MUST be a leaf of the
366 // Protected Storage key hierarchy.
367 
368 #define TPM_KEY_STORAGE             ((UINT16) 0x0011)
369 // TPM_KEY_STORAGE SHALL indicate a storage key. The key SHALL be used to wrap
370 // and unwrap other keys in the Protected Storage hierarchy
371 
372 #define TPM_KEY_IDENTITY            ((UINT16) 0x0012)
373 // TPM_KEY_IDENTITY SHALL indicate an identity key. The key SHALL be used for
374 // operations that require a TPM identity, only.
375 
376 #define TPM_KEY_AUTHCHANGE          ((UINT16) 0x0013)
377 // TPM_KEY_AUTHCHANGE SHALL indicate an ephemeral key that is in use during
378 // the ChangeAuthAsym process, only.
379 
380 #define TPM_KEY_BIND                ((UINT16) 0x0014)
381 // TPM_KEY_BIND SHALL indicate a key that can be used for TPM_Bind and
382 // TPM_Unbind operations only.
383 
384 #define TPM_KEY_LEGACY              ((UINT16) 0x0015)
385 // TPM_KEY_LEGACY SHALL indicate a key that can perform signing and binding
386 // operations. The key MAY be used for both signing and binding operations.
387 // The TPM_KEY_LEGACY key type is to allow for use by applications where both
388 // signing and encryption operations occur with the same key. The use of this
389 // key type is not recommended. (Stray spec-table row: TPM_KEY_MIGRATE 0x0016 SHALL indicate a
390 // key in use for TPM_MigrateKey; see TPM_KEY_MIGRATE below.)
391 
392 #define TPM_KEY_MIGRATE             ((UINT16) 0x0016)
393 // TPM_KEY_MIGRATE SHALL indicate a key in use for TPM_MigrateKey
394 
395 //
396 // Part 2, section 5.8.1: Encryption/Signature schemes
397 //
398 
399 #define TPM_ES_NONE                 ((TPM_ENC_SCHEME) 0x0001)
400 #define TPM_ES_RSAESPKCSv15         ((TPM_ENC_SCHEME) 0x0002)
401 #define TPM_ES_RSAESOAEP_SHA1_MGF1  ((TPM_ENC_SCHEME) 0x0003)
402 #define TPM_ES_SYM_CNT              ((TPM_ENC_SCHEME) 0x0004)  // rev94 defined
403 #define TPM_ES_SYM_CTR              ((TPM_ENC_SCHEME) 0x0004)  // same value as TPM_ES_SYM_CNT: the two names are aliases and cannot both be case labels in one switch
404 #define TPM_ES_SYM_OFB              ((TPM_ENC_SCHEME) 0x0005)
405 
406 #define TPM_SS_NONE                 ((TPM_SIG_SCHEME) 0x0001)
407 #define TPM_SS_RSASSAPKCS1v15_SHA1  ((TPM_SIG_SCHEME) 0x0002)
408 #define TPM_SS_RSASSAPKCS1v15_DER   ((TPM_SIG_SCHEME) 0x0003)
409 #define TPM_SS_RSASSAPKCS1v15_INFO  ((TPM_SIG_SCHEME) 0x0004)
410 
411 //
412 // Part 2, section 5.9: TPM_AUTH_DATA_USAGE values
413 //
414 #define TPM_AUTH_NEVER              ((TPM_AUTH_DATA_USAGE) 0x00)
415 #define TPM_AUTH_ALWAYS             ((TPM_AUTH_DATA_USAGE) 0x01)
416 #define TPM_AUTH_PRIV_USE_ONLY      ((TPM_AUTH_DATA_USAGE) 0x03)
417 
418 //
419 // Part 2, section 5.10: TPM_KEY_FLAGS
420 //
421 enum tdTPM_KEY_FLAGS {
422   redirection                       = 0x00000001,
423   migratable                        = 0x00000002,
424   isVolatile                        = 0x00000004,
425   pcrIgnoredOnRead                  = 0x00000008,
426   migrateAuthority                  = 0x00000010
427 };
428 
429 //
430 // Part 2, section 5.11: TPM_CHANGEAUTH_VALIDATE
431 //
432 typedef struct tdTPM_CHANGEAUTH_VALIDATE {
433   TPM_SECRET                        newAuthSecret;
434   TPM_NONCE                         n1;
435 } TPM_CHANGEAUTH_VALIDATE;
436 
437 //
438 // Part 2, section 5.12: TPM_MIGRATIONKEYAUTH
439 //   declared after section 10 to catch declaration of TPM_PUBKEY
440 //
441 // Part 2 section 10.1: TPM_KEY_PARMS
442 //   [size_is(parmSize)] BYTE* parms;
443 // parms is a native pointer, so sizeof (TPM_KEY_PARMS) depends on the build's pointer width and this struct is not a byte image of a serialized blob. NOTE(review): when filling it from TPM data, validate parmSize against the remaining buffer length before pointing parms into the buffer.
444 typedef struct tdTPM_KEY_PARMS {
445   TPM_ALGORITHM_ID                  algorithmID;
446   TPM_ENC_SCHEME                    encScheme;
447   TPM_SIG_SCHEME                    sigScheme;
448   UINT32                            parmSize;
449   UINT8                             *parms;
450 } TPM_KEY_PARMS;
451 
452 //
453 // Part 2, section 10.4: TPM_STORE_PUBKEY
454 // key[1] is a one-byte placeholder; nothing in this declaration ties it to keyLength. NOTE(review): presumably keyLength bytes of key material follow -- bound keyLength by the enclosing buffer before reading key[].
455 typedef struct tdTPM_STORE_PUBKEY {
456   UINT32                            keyLength;
457   UINT8                             key[1];
458 } TPM_STORE_PUBKEY;
459 
460 //
461 // Part 2, section 10.5: TPM_PUBKEY
462 //
463 typedef struct tdTPM_PUBKEY{
464   TPM_KEY_PARMS                     algorithmParms;
465   TPM_STORE_PUBKEY                  pubKey;
466 } TPM_PUBKEY;
467 
468 //
469 // Part 2, section 5.12: TPM_MIGRATIONKEYAUTH
470 // migrationKey ends in TPM_STORE_PUBKEY.key[1], a placeholder for variable-length key bytes, yet migrationScheme and digest are declared after it at fixed offsets. NOTE(review): on a serialized blob those two fields presumably sit after the real key bytes, so locate them by parsing keyLength rather than through this struct.
471 typedef struct tdTPM_MIGRATIONKEYAUTH{
472   TPM_PUBKEY                        migrationKey;
473   TPM_MIGRATE_SCHEME                migrationScheme;
474   TPM_DIGEST                        digest;
475 } TPM_MIGRATIONKEYAUTH;
476 
477 //
478 // Part 2, section 5.13: TPM_COUNTER_VALUE
479 //
480 typedef struct tdTPM_COUNTER_VALUE{
481   TPM_STRUCTURE_TAG                 tag;
482   UINT8                             label[4];
483   TPM_ACTUAL_COUNT                  counter;
484 } TPM_COUNTER_VALUE;
485 
486 //
487 // Part 2, section 5.14: TPM_SIGN_INFO
488 //   Size of data indicated by dataLen
489 // data is a native pointer, so this struct is an in-memory form rather than a byte image of the signed blob. NOTE(review): a verifier should check tag (presumably TPM_TAG_SIGNINFO) and fixed, and bound dataLen by the buffer it was parsed from, before reading data.
490 typedef struct tdTPM_SIGN_INFO {
491   TPM_STRUCTURE_TAG                 tag;
492   UINT8                             fixed[4];
493   TPM_NONCE                         replay;
494   UINT32                            dataLen;
495   UINT8                             *data;
496 } TPM_SIGN_INFO;
497 
498 //
499 // Part 2, section 5.15: TPM_MSA_COMPOSITE
500 //   Number of migAuthDigest indicated by MSAlist
501 // migAuthDigest[1] is a one-element placeholder. NOTE(review): MSAlist is a 32-bit count; compute MSAlist * sizeof (TPM_DIGEST) without overflow and compare it with the available bytes before walking the array.
502 typedef struct tdTPM_MSA_COMPOSITE {
503   UINT32                            MSAlist;
504   TPM_DIGEST                        migAuthDigest[1];
505 } TPM_MSA_COMPOSITE;
506 
507 //
508 // Part 2, section 5.16: TPM_CMK_AUTH
509 //
510 typedef struct tdTPM_CMK_AUTH{
511   TPM_DIGEST                        migrationAuthorityDigest;
512   TPM_DIGEST                        destinationKeyDigest;
513   TPM_DIGEST                        sourceKeyDigest;
514 } TPM_CMK_AUTH;
515 
516 //
517 // Part 2, section 5.17: TPM_CMK_DELEGATE
518 //
519 #define TPM_CMK_DELEGATE_SIGNING    (((TPM_CMK_DELEGATE)1) << 31)
520 #define TPM_CMK_DELEGATE_STORAGE    (((TPM_CMK_DELEGATE)1) << 30)
521 #define TPM_CMK_DELEGATE_BIND       (((TPM_CMK_DELEGATE)1) << 29)
522 #define TPM_CMK_DELEGATE_LEGACY     (((TPM_CMK_DELEGATE)1) << 28)
523 #define TPM_CMK_DELEGATE_MIGRATE    (((TPM_CMK_DELEGATE)1) << 27)
524 
525 //
526 // Part 2, section 5.18: TPM_SELECT_SIZE
527 //
528 typedef struct tdTPM_SELECT_SIZE {
529   UINT8                             major;
530   UINT8                             minor;
531   UINT16                            reqSize;
532 } TPM_SELECT_SIZE;
533 
534 //
535 // Part 2, section 5.19: TPM_CMK_MIGAUTH
536 //
537 typedef struct tdTPM_CMK_MIGAUTH{
538   TPM_STRUCTURE_TAG                 tag;
539   TPM_DIGEST                        msaDigest;
540   TPM_DIGEST                        pubKeyDigest;
541 } TPM_CMK_MIGAUTH;
542 
543 //
544 // Part 2, section 5.20: TPM_CMK_SIGTICKET
545 //
546 typedef struct tdTPM_CMK_SIGTICKET{
547   TPM_STRUCTURE_TAG                 tag;
548   TPM_DIGEST                        verKeyDigest;
549   TPM_DIGEST                        signedData;
550 } TPM_CMK_SIGTICKET;
551 
552 //
553 // Part 2, section 5.21: TPM_CMK_MA_APPROVAL
554 //
555 typedef struct tdTPM_CMK_MA_APPROVAL{
556   TPM_STRUCTURE_TAG                 tag;
557   TPM_DIGEST                        migrationAuthorityDigest;
558 } TPM_CMK_MA_APPROVAL;
559 
560 //
561 // Part 2, section 6: Command Tags
562 //
563 #define TPM_TAG_RQU_COMMAND         ((TPM_STRUCTURE_TAG) 0x00C1)
564 #define TPM_TAG_RQU_AUTH1_COMMAND   ((TPM_STRUCTURE_TAG) 0x00C2)
565 #define TPM_TAG_RQU_AUTH2_COMMAND   ((TPM_STRUCTURE_TAG) 0x00C3)
566 #define TPM_TAG_RSP_COMMAND         ((TPM_STRUCTURE_TAG) 0x00C4)
567 #define TPM_TAG_RSP_AUTH1_COMMAND   ((TPM_STRUCTURE_TAG) 0x00C5)
568 #define TPM_TAG_RSP_AUTH2_COMMAND   ((TPM_STRUCTURE_TAG) 0x00C6)
569 
570 //
571 // Part 2, section 7.1: TPM_PERMANENT_FLAGS
572 // One BOOLEAN per flag after the tag, in the same order as the TPM_PF_* subcap numbers (1..20) defined after this struct. The member named operator is a C++ keyword, so this declaration does not compile as C++ as written.
573 typedef struct tdTPM_PERMANENT_FLAGS{
574   TPM_STRUCTURE_TAG                 tag;
575   BOOLEAN                           disable;
576   BOOLEAN                           ownership;
577   BOOLEAN                           deactivated;
578   BOOLEAN                           readPubek;
579   BOOLEAN                           disableOwnerClear;
580   BOOLEAN                           allowMaintenance;
581   BOOLEAN                           physicalPresenceLifetimeLock;
582   BOOLEAN                           physicalPresenceHWEnable;
583   BOOLEAN                           physicalPresenceCMDEnable;
584   BOOLEAN                           CEKPUsed;
585   BOOLEAN                           TPMpost;
586   BOOLEAN                           TPMpostLock;
587   BOOLEAN                           FIPS;
588   BOOLEAN                           operator;
589   BOOLEAN                           enableRevokeEK;
590   BOOLEAN                           nvLocked;
591   BOOLEAN                           readSRKPub;
592   BOOLEAN                           tpmEstablished;
593   BOOLEAN                           maintenanceDone;
594   BOOLEAN                           disableFullDALogicInfo;
595 } TPM_PERMANENT_FLAGS;
596 
597 //
598 // Part 2, section 7.1.1: PERMANENT_FLAGS Subcap for SetCapability
599 //
600 #define TPM_PF_DISABLE                      ((TPM_CAPABILITY_AREA) 1)
601 #define TPM_PF_OWNERSHIP                    ((TPM_CAPABILITY_AREA) 2)
602 #define TPM_PF_DEACTIVATED                  ((TPM_CAPABILITY_AREA) 3)
603 #define TPM_PF_READPUBEK                    ((TPM_CAPABILITY_AREA) 4)
604 #define TPM_PF_DISABLEOWNERCLEAR            ((TPM_CAPABILITY_AREA) 5)
605 #define TPM_PF_ALLOWMAINTENANCE             ((TPM_CAPABILITY_AREA) 6)
606 #define TPM_PF_PHYSICALPRESENCELIFETIMELOCK ((TPM_CAPABILITY_AREA) 7)
607 #define TPM_PF_PHYSICALPRESENCEHWENABLE     ((TPM_CAPABILITY_AREA) 8)
608 #define TPM_PF_PHYSICALPRESENCECMDENABLE    ((TPM_CAPABILITY_AREA) 9)
609 #define TPM_PF_CEKPUSED                     ((TPM_CAPABILITY_AREA) 10)
610 #define TPM_PF_TPMPOST                      ((TPM_CAPABILITY_AREA) 11)
611 #define TPM_PF_TPMPOSTLOCK                  ((TPM_CAPABILITY_AREA) 12)
612 #define TPM_PF_FIPS                         ((TPM_CAPABILITY_AREA) 13)
613 #define TPM_PF_OPERATOR                     ((TPM_CAPABILITY_AREA) 14)
614 #define TPM_PF_ENABLEREVOKEEK               ((TPM_CAPABILITY_AREA) 15)
615 #define TPM_PF_NV_LOCKED                    ((TPM_CAPABILITY_AREA) 16)
616 #define TPM_PF_READSRKPUB                   ((TPM_CAPABILITY_AREA) 17)
617 #define TPM_PF_TPMESTABLISHED               ((TPM_CAPABILITY_AREA) 18)
618 #define TPM_PF_MAINTENANCEDONE              ((TPM_CAPABILITY_AREA) 19)
619 #define TPM_PF_DISABLEFULLDALOGICINFO       ((TPM_CAPABILITY_AREA) 20)
620 
621 //
622 // Part 2, section 7.2: TPM_STCLEAR_FLAGS
623 //
624 typedef struct tdTPM_STCLEAR_FLAGS{
625   TPM_STRUCTURE_TAG                 tag;
626   BOOLEAN                           deactivated;
627   BOOLEAN                           disableForceClear;
628   BOOLEAN                           physicalPresence;
629   BOOLEAN                           physicalPresenceLock;
630   BOOLEAN                           bGlobalLock;
631 } TPM_STCLEAR_FLAGS;
632 
633 //
634 // Part 2, section 7.2.1: STCLEAR_FLAGS Subcap for SetCapability
635 //   Values 1..5 follow the member order of TPM_STCLEAR_FLAGS after its tag.
636 #define TPM_SF_DEACTIVATED          ((TPM_CAPABILITY_AREA) 1)
637 #define TPM_SF_DISABLEFORCECLEAR    ((TPM_CAPABILITY_AREA) 2)
638 #define TPM_SF_PHYSICALPRESENCE     ((TPM_CAPABILITY_AREA) 3)
639 #define TPM_SF_PHYSICALPRESENCELOCK ((TPM_CAPABILITY_AREA) 4)
640 #define TPM_SF_BGLOBALLOCK          ((TPM_CAPABILITY_AREA) 5)
641 
642 //
643 // Part 2, section 7.3: TPM_STANY_FLAGS
644 //   Structure tag followed by four members; the TPM_AF_* sub-capabilities number them 1..4 in this order.
645 typedef struct tdTPM_STANY_FLAGS{
646   TPM_STRUCTURE_TAG                 tag;
647   BOOLEAN                           postInitialise;
648   TPM_MODIFIER_INDICATOR            localityModifier;    // the only member here that is not a BOOLEAN
649   BOOLEAN                           transportExclusive;
650   BOOLEAN                           TOSPresent;
651 } TPM_STANY_FLAGS;
652 
653 //
654 // Part 2, section 7.3.1: STANY_FLAGS Subcap for SetCapability
655 //   Values 1..4 follow the member order of TPM_STANY_FLAGS after its tag.
656 #define TPM_AF_POSTINITIALISE       ((TPM_CAPABILITY_AREA) 1)
657 #define TPM_AF_LOCALITYMODIFIER     ((TPM_CAPABILITY_AREA) 2)
658 #define TPM_AF_TRANSPORTEXCLUSIVE   ((TPM_CAPABILITY_AREA) 3)
659 #define TPM_AF_TOSPRESENT           ((TPM_CAPABILITY_AREA) 4)
660 
661 //
662 // The structures in sections 7.4, 7.5 and 7.6 are not normative. TPM_PERMANENT_DATA (7.4) and
663 // TPM_STANY_DATA (7.6) are kept only as commented-out reference; TPM_STCLEAR_DATA (7.5) is still declared.
664 //
665 // Part 2, section 7.4: TPM_PERMANENT_DATA
666 //
667 #define TPM_MIN_COUNTERS            4   // the minimum number of counters is 4
668 #define TPM_DELEGATE_KEY            TPM_KEY   // textual alias: expands to the name TPM_KEY
669 #define TPM_NUM_PCR                 16   // array bound of PCR[] in TPM_STCLEAR_DATA; check external PCR indices against it
670 #define TPM_MAX_NV_WRITE_NOOWNER    64   // NOTE(review): presumably the cap on NV writes while no owner is installed - confirm
671 
672 //typedef struct tdTPM_PERMANENT_DATA
673 //{
674 //    TPM_STRUCTURE_TAG               tag;
675 //    UINT8                           revMajor;
676 //    UINT8                           revMinor;
677 //    TPM_NONCE                       tpmProof;
678 //    TPM_NONCE                       ekReset;
679 //    TPM_SECRET                      ownerAuth;
680 //    TPM_SECRET                      operatorAuth;
681 //    TPM_DIRVALUE                    authDIR[1];
682 //    TPM_PUBKEY                      manuMaintPub;
683 //    TPM_KEY                         endorsementKey;
684 //    TPM_KEY                         srk;
685 //    TPM_KEY                         contextKey;
686 //    TPM_KEY                         delegateKey;
687 //    TPM_COUNTER_VALUE               auditMonotonicCounter;
688 //    TPM_COUNTER_VALUE               monotonicCounter[TPM_MIN_COUNTERS];
689 //    TPM_PCR_ATTRIBUTES              pcrAttrib[TPM_NUM_PCR];
690 //    UINT8                           ordinalAuditStatus[];
691 //    UINT8                           *rngState;
692 //    TPM_FAMILY_TABLE                familyTable;
693 //    TPM_DELEGATE_TABLE              delegateTable;
694 //    UINT32                          maxNVBufSize;
695 //    UINT32                          lastFamilyID;
696 //    UINT32                          noOwnerNVWrite;
697 //    TPM_CMK_DELEGATE                restrictDelegate;
698 //    TPM_DAA_TPM_SEED                tpmDAASeed;
699 //    TPM_NONCE                       daaProof;
700 //    TPM_KEY                         daaBlobKey;
701 //} TPM_PERMANENT_DATA;
702 
703 //
704 // Part 2, section 7.4.1: PERMANENT_DATA Subcap for SetCapability
705 //   Indices name members of the commented-out TPM_PERMANENT_DATA; the numbering does not follow member order.
706 #define TPM_PD_REVMAJOR               ((TPM_CAPABILITY_AREA) 1)
707 #define TPM_PD_REVMINOR               ((TPM_CAPABILITY_AREA) 2)
708 #define TPM_PD_TPMPROOF               ((TPM_CAPABILITY_AREA) 3)
709 #define TPM_PD_OWNERAUTH              ((TPM_CAPABILITY_AREA) 4)
710 #define TPM_PD_OPERATORAUTH           ((TPM_CAPABILITY_AREA) 5)
711 #define TPM_PD_MANUMAINTPUB           ((TPM_CAPABILITY_AREA) 6)
712 #define TPM_PD_ENDORSEMENTKEY         ((TPM_CAPABILITY_AREA) 7)
713 #define TPM_PD_SRK                    ((TPM_CAPABILITY_AREA) 8)
714 #define TPM_PD_DELEGATEKEY            ((TPM_CAPABILITY_AREA) 9)
715 #define TPM_PD_CONTEXTKEY             ((TPM_CAPABILITY_AREA) 10)
716 #define TPM_PD_AUDITMONOTONICCOUNTER  ((TPM_CAPABILITY_AREA) 11)
717 #define TPM_PD_MONOTONICCOUNTER       ((TPM_CAPABILITY_AREA) 12)
718 #define TPM_PD_PCRATTRIB              ((TPM_CAPABILITY_AREA) 13)
719 #define TPM_PD_ORDINALAUDITSTATUS     ((TPM_CAPABILITY_AREA) 14)
720 #define TPM_PD_AUTHDIR                ((TPM_CAPABILITY_AREA) 15)
721 #define TPM_PD_RNGSTATE               ((TPM_CAPABILITY_AREA) 16)
722 #define TPM_PD_FAMILYTABLE            ((TPM_CAPABILITY_AREA) 17)
723 #define TPM_DELEGATETABLE             ((TPM_CAPABILITY_AREA) 18)   // NOTE(review): lacks the TPM_PD_ prefix every sibling has; renaming would break existing users
724 #define TPM_PD_EKRESET                ((TPM_CAPABILITY_AREA) 19)
725 #define TPM_PD_MAXNVBUFSIZE           ((TPM_CAPABILITY_AREA) 20)
726 #define TPM_PD_LASTFAMILYID           ((TPM_CAPABILITY_AREA) 21)
727 #define TPM_PD_NOOWNERNVWRITE         ((TPM_CAPABILITY_AREA) 22)
728 #define TPM_PD_RESTRICTDELEGATE       ((TPM_CAPABILITY_AREA) 23)
729 #define TPM_PD_TPMDAASEED             ((TPM_CAPABILITY_AREA) 24)
730 #define TPM_PD_DAAPROOF               ((TPM_CAPABILITY_AREA) 25)
731 
732 //
733 // Part 2, section 7.5: TPM_STCLEAR_DATA
734 //   available inside TPM only
735 //   PCR[] holds TPM_NUM_PCR entries; any PCR index used with it must be checked against that bound.
736  typedef struct tdTPM_STCLEAR_DATA{
737    TPM_STRUCTURE_TAG                  tag;
738    TPM_NONCE                          contextNonceKey;
739    TPM_COUNT_ID                       countID;
740    UINT32                             ownerReference;
741    BOOLEAN                            disableResetLock;
742    TPM_PCRVALUE                       PCR[TPM_NUM_PCR];
743    UINT32                             deferredPhysicalPresence;
744  }TPM_STCLEAR_DATA;
745 
746 //
747 // Part 2, section 7.5.1: STCLEAR_DATA Subcap for SetCapability
748 //   Values 1..6 follow the member order of TPM_STCLEAR_DATA after its tag (written in hex here, decimal in the sibling tables).
749 #define TPM_SD_CONTEXTNONCEKEY            ((TPM_CAPABILITY_AREA)0x00000001)
750 #define TPM_SD_COUNTID                    ((TPM_CAPABILITY_AREA)0x00000002)
751 #define TPM_SD_OWNERREFERENCE             ((TPM_CAPABILITY_AREA)0x00000003)
752 #define TPM_SD_DISABLERESETLOCK           ((TPM_CAPABILITY_AREA)0x00000004)
753 #define TPM_SD_PCR                        ((TPM_CAPABILITY_AREA)0x00000005)
754 #define TPM_SD_DEFERREDPHYSICALPRESENCE   ((TPM_CAPABILITY_AREA)0x00000006)
755 
756 //
757 // Part 2, section 7.6: TPM_STANY_DATA
758 //   available inside TPM only
759 //
760 //typedef struct tdTPM_STANY_DATA
761 //{
762 //    TPM_STRUCTURE_TAG               tag;
763 //    TPM_NONCE                       contextNonceSession;
764 //    TPM_DIGEST                      auditDigest;
765 //    TPM_CURRENT_TICKS               currentTicks;
766 //    UINT32                          contextCount;
767 //    UINT32                          contextList[TPM_MIN_SESSION_LIST];
768 //    TPM_SESSION_DATA                sessions[TPM_MIN_SESSIONS];
769 //} TPM_STANY_DATA;
770 
771 //
772 // Part 2, section 7.6.1: STANY_DATA Subcap for SetCapability
773 //   Values 1..6 follow the member order of the commented-out TPM_STANY_DATA after its tag.
774 #define TPM_AD_CONTEXTNONCESESSION        ((TPM_CAPABILITY_AREA) 1)
775 #define TPM_AD_AUDITDIGEST                ((TPM_CAPABILITY_AREA) 2)
776 #define TPM_AD_CURRENTTICKS               ((TPM_CAPABILITY_AREA) 3)
777 #define TPM_AD_CONTEXTCOUNT               ((TPM_CAPABILITY_AREA) 4)
778 #define TPM_AD_CONTEXTLIST                ((TPM_CAPABILITY_AREA) 5)
779 #define TPM_AD_SESSIONS                   ((TPM_CAPABILITY_AREA) 6)
780 
781 //
782 // Part 2, section 8: PCR Structures
783 //
784 
785 //
786 // Part 2, section 8.1: TPM_PCR_SELECTION
787 //   Size of pcrSelect[] indicated by sizeOfSelect
788 //   sizeof(TPM_PCR_SELECTION) covers one select byte only; bound sizeOfSelect by the buffer before indexing pcrSelect[].
789 typedef struct tdTPM_PCR_SELECTION {
790   UINT16                            sizeOfSelect;
791   UINT8                             pcrSelect[1];  // declared [1] as a placeholder; real length is sizeOfSelect bytes
792 } TPM_PCR_SELECTION;
793 
794 //
795 // Part 2, section 8.2: TPM_PCR_COMPOSITE
796 //   Size of pcrValue[] indicated by valueSize
797 //   Two variable-length parts (select, pcrValue[]): parse field by field, checking each length against the bytes left.
798 typedef struct tdTPM_PCR_COMPOSITE {
799   TPM_PCR_SELECTION                 select;       // variable-length, so the members below have no fixed offset
800   UINT32                            valueSize;    // NOTE(review): presumably a byte count, not a PCR count - confirm
801   TPM_PCRVALUE                      pcrValue[1];  // declared [1] as a placeholder
802 } TPM_PCR_COMPOSITE;
803 
804 //
805 // Part 2, section 8.3: TPM_PCR_INFO
806 //   The digests sit at these C offsets only when pcrSelection carries exactly one select byte; otherwise parse field by field.
807 typedef struct tdTPM_PCR_INFO {
808   TPM_PCR_SELECTION                 pcrSelection;
809   TPM_COMPOSITE_HASH                digestAtRelease;
810   TPM_COMPOSITE_HASH                digestAtCreation;
811 } TPM_PCR_INFO;
812 
813 //
814 // Part 2, section 8.6: TPM_LOCALITY_SELECTION
815 //   One-byte bitmask, one bit per locality 0..4 (bits 0..4); bits 5..7 have no name here.
816 typedef UINT8                       TPM_LOCALITY_SELECTION;
817 
818 #define TPM_LOC_FOUR                ((UINT8) 0x10)
819 #define TPM_LOC_THREE               ((UINT8) 0x08)
820 #define TPM_LOC_TWO                 ((UINT8) 0x04)
821 #define TPM_LOC_ONE                 ((UINT8) 0x02)
822 #define TPM_LOC_ZERO                ((UINT8) 0x01)
823 
824 //
825 // Part 2, section 8.4: TPM_PCR_INFO_LONG
826 //   Holds two variable-length PCR selections back to back; offsets after the first depend on its sizeOfSelect.
827 typedef struct tdTPM_PCR_INFO_LONG {
828   TPM_STRUCTURE_TAG                 tag;
829   TPM_LOCALITY_SELECTION            localityAtCreation;
830   TPM_LOCALITY_SELECTION            localityAtRelease;    // TPM_LOC_* bitmask
831   TPM_PCR_SELECTION                 creationPCRSelection;
832   TPM_PCR_SELECTION                 releasePCRSelection;
833   TPM_COMPOSITE_HASH                digestAtCreation;
834   TPM_COMPOSITE_HASH                digestAtRelease;
835 } TPM_PCR_INFO_LONG;
836 
837 //
838 // Part 2, section 8.5: TPM_PCR_INFO_SHORT
839 //   Starts with a variable-length selection, so localityAtRelease and digestAtRelease have no fixed offset.
840 typedef struct tdTPM_PCR_INFO_SHORT{
841   TPM_PCR_SELECTION                 pcrSelection;
842   TPM_LOCALITY_SELECTION            localityAtRelease;  // TPM_LOC_* bitmask
843   TPM_COMPOSITE_HASH                digestAtRelease;
844 } TPM_PCR_INFO_SHORT;
845 
846 //
847 // Part 2, section 8.8: TPM_PCR_ATTRIBUTES
848 //   One BOOLEAN and two locality bitmasks; the names suggest they govern who may extend or reset a PCR - confirm.
849 typedef struct tdTPM_PCR_ATTRIBUTES{
850   BOOLEAN                           pcrReset;
851   TPM_LOCALITY_SELECTION            pcrExtendLocal;  // TPM_LOC_* bitmask
852   TPM_LOCALITY_SELECTION            pcrResetLocal;   // TPM_LOC_* bitmask
853 } TPM_PCR_ATTRIBUTES;
854 
855 //
856 // Part 2, section 9: Storage Structures
857 //
858 
859 //
860 // Part 2, section 9.1: TPM_STORED_DATA
861 //   [size_is(sealInfoSize)] BYTE* sealInfo;
862 //   [size_is(encDataSize)] BYTE* encData;
863 //   Pointer members make this an in-memory view, not the marshaled blob: never cast a raw buffer to this type.
864 typedef struct tdTPM_STORED_DATA {
865   TPM_STRUCT_VER                    ver;
866   UINT32                            sealInfoSize;  // check against the bytes remaining before reading sealInfo
867   UINT8                             *sealInfo;
868   UINT32                            encDataSize;   // check against the bytes remaining before reading encData
869   UINT8                             *encData;
870 } TPM_STORED_DATA;
871 
872 //
873 // Part 2, section 9.2: TPM_STORED_DATA12
874 //   [size_is(sealInfoSize)] BYTE* sealInfo;
875 //   [size_is(encDataSize)] BYTE* encData;
876 //   Same shape as TPM_STORED_DATA with tag/et in place of ver; the pointers mean it is not the marshaled layout.
877 typedef struct tdTPM_STORED_DATA12 {
878   TPM_STRUCTURE_TAG                 tag;
879   TPM_ENTITY_TYPE                   et;
880   UINT32                            sealInfoSize;  // untrusted length: bound it before reading sealInfo
881   UINT8                             *sealInfo;
882   UINT32                            encDataSize;   // untrusted length: bound it before reading encData
883   UINT8                             *encData;
884 } TPM_STORED_DATA12;
885 
886 //
887 // Part 2, section 9.3: TPM_SEALED_DATA
888 //   [size_is(dataSize)] BYTE* data;
889 //   Carries authData and tpmProof next to the payload; clear any buffer holding an instance once it is no longer needed.
890 typedef struct tdTPM_SEALED_DATA {
891   TPM_PAYLOAD_TYPE                  payload;
892   TPM_SECRET                        authData;
893   TPM_NONCE                         tpmProof;
894   TPM_DIGEST                        storedDigest;
895   UINT32                            dataSize;      // bound against the enclosing buffer before reading data
896   UINT8                             *data;
897 } TPM_SEALED_DATA;
898 
899 //
900 // Part 2, section 9.4: TPM_SYMMETRIC_KEY
901 //   [size_is(dataSize)] BYTE* data;
902 //   data points at raw key bytes: bound dataSize before copying and clear the key buffer after use.
903 typedef struct tdTPM_SYMMETRIC_KEY {
904   TPM_ALGORITHM_ID                  algId;
905   TPM_ENC_SCHEME                    encScheme;
906   UINT16                            dataSize;  // 16-bit length, unlike the UINT32 lengths used by most blobs in this file
907   UINT8                             *data;
908 } TPM_SYMMETRIC_KEY;
909 
910 //
911 // Part 2, section 9.5: TPM_BOUND_DATA
912 //   payloadData[] has no length member in this structure; the caller must carry the payload length separately.
913 typedef struct tdTPM_BOUND_DATA {
914   TPM_STRUCT_VER                    ver;
915   TPM_PAYLOAD_TYPE                  payload;
916   UINT8                             payloadData[1];  // declared [1] as a placeholder for variable-length data
917 } TPM_BOUND_DATA;
918 
919 //
920 // Part 2 section 10: TPM_KEY complex
921 //
922 
923 //
924 // Part 2, section 10.2: TPM_KEY
925 //   [size_is(encDataSize)] BYTE* encData;
926 //   In-memory view of a key blob: PCRInfo and encData are pointers, so sizeof(TPM_KEY) is not the blob size.
927 typedef struct tdTPM_KEY{
928   TPM_STRUCT_VER                    ver;
929   TPM_KEY_USAGE                     keyUsage;
930   TPM_KEY_FLAGS                     keyFlags;
931   TPM_AUTH_DATA_USAGE               authDataUsage;
932   TPM_KEY_PARMS                     algorithmParms;
933   UINT32                            PCRInfoSize;    // untrusted when parsed from a blob: bound before reading PCRInfo
934   UINT8                             *PCRInfo;
935   TPM_STORE_PUBKEY                  pubKey;
936   UINT32                            encDataSize;    // untrusted when parsed from a blob: bound before reading encData
937   UINT8                             *encData;
938 } TPM_KEY;
939 
940 //
941 // Part 2, section 10.3: TPM_KEY12
942 //   [size_is(encDataSize)] BYTE* encData;
943 //   Same members as TPM_KEY with tag + fill in place of ver; a parser can tell the two apart only by those leading bytes.
944 typedef struct tdTPM_KEY12{
945   TPM_STRUCTURE_TAG                 tag;
946   UINT16                            fill;           // NOTE(review): presumably required to be zero - confirm against the spec
947   TPM_KEY_USAGE                     keyUsage;
948   TPM_KEY_FLAGS                     keyFlags;
949   TPM_AUTH_DATA_USAGE               authDataUsage;
950   TPM_KEY_PARMS                     algorithmParms;
951   UINT32                            PCRInfoSize;    // bound before reading PCRInfo
952   UINT8                             *PCRInfo;
953   TPM_STORE_PUBKEY                  pubKey;
954   UINT32                            encDataSize;    // bound before reading encData
955   UINT8                             *encData;
956 } TPM_KEY12;
957 
958 //
959 // Part 2, section 10.7: TPM_STORE_PRIVKEY
960 //   [size_is(keyLength)] BYTE* key;
961 //   key points at private-key bytes: bound keyLength before copying and clear the buffer after use.
962 typedef struct tdTPM_STORE_PRIVKEY {
963   UINT32                            keyLength;
964   UINT8                             *key;
965 } TPM_STORE_PRIVKEY;
966 
967 //
968 // Part 2, section 10.6: TPM_STORE_ASYMKEY
969 //   pos/len/total give marshaled byte positions; privKey holds a pointer in C, so they do not describe sizeof() or offsetof().
970 typedef struct tdTPM_STORE_ASYMKEY {                // pos len total
971   TPM_PAYLOAD_TYPE                  payload;        // 0    1   1
972   TPM_SECRET                        usageAuth;      // 1    20  21
973   TPM_SECRET                        migrationAuth;  // 21   20  41
974   TPM_DIGEST                        pubDataDigest;  // 41   20  61
975   TPM_STORE_PRIVKEY                 privKey;        // 61 132-151 193-214
976 } TPM_STORE_ASYMKEY;
977 
978 //
979 // Part 2, section 10.8: TPM_MIGRATE_ASYMKEY
980 //   [size_is(partPrivKeyLen)] BYTE* partPrivKey;
981 //   pos/len/total give marshaled byte positions; partPrivKey is a pointer in C, so bound partPrivKeyLen before reading it.
982 typedef struct tdTPM_MIGRATE_ASYMKEY {              // pos  len  total
983   TPM_PAYLOAD_TYPE                  payload;        //   0    1       1
984   TPM_SECRET                        usageAuth;      //   1   20      21
985   TPM_DIGEST                        pubDataDigest;  //  21   20      41
986   UINT32                            partPrivKeyLen; //  41    4      45
987   UINT8                             *partPrivKey;   //  45 112-127 157-172
988 } TPM_MIGRATE_ASYMKEY;
989 
990 //
991 // Part 2, section 10.9: TPM_KEY_CONTROL
992 //   Single bit (bit 0) of a UINT32 mask; no other bit is named in this section.
993 #define TPM_KEY_CONTROL_OWNER_EVICT ((UINT32) 0x00000001)
994 
995 //
996 // Part 2, section 11: Signed Structures
997 //
998 
999 typedef struct tdTPM_CERTIFY_INFO   // signed structure (section 11): describes a key; PCRInfo is variable-length
1000 {
1001     TPM_STRUCT_VER                  version;
1002     TPM_KEY_USAGE                   keyUsage;
1003     TPM_KEY_FLAGS                   keyFlags;
1004     TPM_AUTH_DATA_USAGE             authDataUsage;
1005     TPM_KEY_PARMS                   algorithmParms;
1006     TPM_DIGEST                      pubkeyDigest;
1007     TPM_NONCE                       data;            // NOTE(review): presumably the caller's anti-replay value; a verifier should compare it - confirm
1008     BOOLEAN                         parentPCRStatus;
1009     UINT32                          PCRInfoSize;     // bound against the bytes remaining before reading PCRInfo
1010     UINT8                           *PCRInfo;        // pointer in C, so this struct is not the byte layout that was signed
1011 } TPM_CERTIFY_INFO;
1012 
1013 typedef struct tdTPM_CERTIFY_INFO2   // tagged variant of TPM_CERTIFY_INFO with payloadType and a migration-authority blob
1014 {
1015     TPM_STRUCTURE_TAG               tag;
1016     UINT8                           fill;                    // NOTE(review): presumably required to be zero - confirm against the spec
1017     TPM_PAYLOAD_TYPE                payloadType;
1018     TPM_KEY_USAGE                   keyUsage;
1019     TPM_KEY_FLAGS                   keyFlags;
1020     TPM_AUTH_DATA_USAGE             authDataUsage;
1021     TPM_KEY_PARMS                   algorithmParms;
1022     TPM_DIGEST                      pubkeyDigest;
1023     TPM_NONCE                       data;
1024     BOOLEAN                         parentPCRStatus;
1025     UINT32                          PCRInfoSize;             // bound before reading PCRInfo
1026     UINT8                           *PCRInfo;
1027     UINT32                          migrationAuthoritySize;  // bound before reading migrationAuthority
1028     UINT8                           *migrationAuthority;
1029 } TPM_CERTIFY_INFO2;
1030 
1031 typedef struct tdTPM_QUOTE_INFO   // signed structure (section 11): fixed-size, no pointer members
1032 {
1033     TPM_STRUCT_VER                  version;
1034     UINT8                           fixed[4];      // per the TCG spec the ASCII bytes 'QUOT'; a verifier should check them
1035     TPM_COMPOSITE_HASH              digestValue;
1036     TPM_NONCE                       externalData;  // a verifier must compare this with the nonce it issued to reject replayed quotes
1037 } TPM_QUOTE_INFO;
1038 
1039 typedef struct tdTPM_QUOTE_INFO2   // tagged quote structure; ends in a variable-length TPM_PCR_INFO_SHORT
1040 {
1041     TPM_STRUCTURE_TAG               tag;
1042     UINT8                           fixed[4];      // per the TCG spec the ASCII bytes 'QUT2'; a verifier should check them
1043     TPM_NONCE                       externalData;  // a verifier must compare this with the nonce it issued to reject replayed quotes
1044     TPM_PCR_INFO_SHORT              infoShort;     // starts with a variable-length PCR selection: parse field by field
1045 } TPM_QUOTE_INFO2;
1046 
1047 //
1048 // Part 2, section 12: Identity Structures
1049 //
1050 
1051 typedef struct tdTPM_EK_BLOB   // tagged container: ekType plus a length-prefixed blob
1052 {
1053     TPM_STRUCTURE_TAG               tag;
1054     TPM_EK_TYPE                     ekType;    // NOTE(review): presumably selects how blob is interpreted - confirm
1055     UINT32                          blobSize;  // bound against the bytes remaining before reading blob
1056     UINT8                           *blob;     // pointer in C, so this struct is not the marshaled layout
1057 } TPM_EK_BLOB;
1058 
1059 typedef struct tdTPM_EK_BLOB_ACTIVATE   // tagged structure carrying a session key, an identity digest and PCR info
1060 {
1061     TPM_STRUCTURE_TAG               tag;
1062     TPM_SYMMETRIC_KEY               sessionKey;  // embeds a pointer to raw key bytes; clear them after use
1063     TPM_DIGEST                      idDigest;
1064     TPM_PCR_INFO_SHORT              pcrInfo;     // starts with a variable-length PCR selection
1065 } TPM_EK_BLOB_ACTIVATE;
1066 
1067 typedef struct tdTPM_EK_BLOB_AUTH   // tagged wrapper around one TPM_SECRET
1068 {
1069     TPM_STRUCTURE_TAG               tag;
1070     TPM_SECRET                      authValue;  // secret: clear any buffer holding it once it is no longer needed
1071 } TPM_EK_BLOB_AUTH;
1072 
1073 
1074 typedef struct tdTPM_IDENTITY_CONTENTS   // identity structure (section 12): version, ordinal, CA label digest and identity public key
1075 {
1076     TPM_STRUCT_VER                  ver;
1077     UINT32                          ordinal;
1078     TPM_CHOSENID_HASH               labelPrivCADigest;
1079     TPM_PUBKEY                      identityPubKey;     // TPM_PUBKEY is declared outside this part of the file
1080 } TPM_IDENTITY_CONTENTS;
1081 
1082 typedef struct tdTPM_IDENTITY_REQ   // identity request: two sizes, two algorithm descriptions, two blobs
1083 {
1084     UINT32                          asymSize;       // presumably the length of asymBlob - verify; bound before use
1085     UINT32                          symSize;        // presumably the length of symBlob - verify; bound before use
1086     TPM_KEY_PARMS                   asymAlgorithm;
1087     TPM_KEY_PARMS                   symAlgorithm;
1088     UINT8                           *asymBlob;      // pointers in C, so this struct is not the marshaled layout
1089     UINT8                           *symBlob;
1090 } TPM_IDENTITY_REQ;
1091 
1092 typedef struct tdTPM_IDENTITY_PROOF   // identity proof: five length fields up front, five matching byte areas at the end
1093 {
1094     TPM_STRUCT_VER                  ver;
1095     UINT32                          labelSize;              // each *Size is untrusted when parsed: check it, and the running
1096     UINT32                          identityBindingSize;    // total of all five, against the buffer length before reading
1097     UINT32                          endorsementSize;
1098     UINT32                          platformSize;
1099     UINT32                          conformanceSize;
1100     TPM_PUBKEY                      identityKey;
1101     UINT8                           *labelArea;             // presumably sized by labelSize - verify
1102     UINT8                           *identityBinding;       // presumably sized by identityBindingSize - verify
1103     UINT8                           *endorsementCredential; // presumably sized by endorsementSize - verify
1104     UINT8                           *platformCredential;    // presumably sized by platformSize - verify
1105     UINT8                           *conformanceCredential; // presumably sized by conformanceSize - verify
1106 } TPM_IDENTITY_PROOF;
1107 
1108 typedef struct tdTPM_ASYM_CA_CONTENTS   // a session key paired with an identity digest
1109 {
1110     TPM_SYMMETRIC_KEY               sessionKey;  // embeds a pointer to raw key bytes; clear them after use
1111     TPM_DIGEST                      idDigest;
1112 } TPM_ASYM_CA_CONTENTS;
1113 
1114 typedef struct tdTPM_SYM_CA_ATTESTATION   // a length-prefixed credential plus the algorithm description that goes with it
1115 {
1116     UINT32                          credSize;    // bound against the bytes remaining before reading credential
1117     TPM_KEY_PARMS                   algorithm;
1118     UINT8                           *credential; // pointer in C, so this struct is not the marshaled layout
1119 } TPM_SYM_CA_ATTESTATION;
1120 
1121 //
1122 // Part 2, section 15: TPM_CURRENT_TICKS
1123 //   Placed here out of order because definitions are used in section 13.
1124 //   A UINT16 tag directly before a UINT64: an unpacked build would pad between them; this header's #pragma pack is skipped when __GNUC__ is defined.
1125 typedef struct tdTPM_CURRENT_TICKS {
1126   TPM_STRUCTURE_TAG                 tag;
1127   UINT64                            currentTicks;
1128   UINT16                            tickRate;
1129   TPM_NONCE                         tickNonce;
1130 } TPM_CURRENT_TICKS;
1131 
1132 //
1133 // Part 2, section 13: Transport structures
1134 //
1135 
1136 #define TPM_TRANSPORT_ENCRYPT       ((UINT32)0x00000001)   // bit 0; the three values are distinct single bits and can be OR-ed
1137 #define TPM_TRANSPORT_LOG           ((UINT32)0x00000002)   // bit 1
1138 #define TPM_TRANSPORT_EXCLUSIVE     ((UINT32)0x00000004)   // bit 2
1139 
1140 typedef struct tdTPM_TRANSPORT_PUBLIC   // public parameters of a transport session: attributes, algorithm, encryption scheme
1141 {
1142     TPM_STRUCTURE_TAG               tag;
1143     TPM_TRANSPORT_ATTRIBUTES        transAttributes;  // presumably an OR of the TPM_TRANSPORT_* bits - verify
1144     TPM_ALGORITHM_ID                algId;
1145     TPM_ENC_SCHEME                  encScheme;
1146 } TPM_TRANSPORT_PUBLIC;
1147 
1148 typedef struct tdTPM_TRANSPORT_INTERNAL   // transport session state: public parameters plus auth data, handle, nonce and digest
1149 {
1150     TPM_STRUCTURE_TAG               tag;
1151     TPM_AUTHDATA                    authData;       // secret: clear any buffer holding it once it is no longer needed
1152     TPM_TRANSPORT_PUBLIC            transPublic;
1153     TPM_TRANSHANDLE                 transHandle;
1154     TPM_NONCE                       transNonceEven;
1155     TPM_DIGEST                      transDigest;
1156 } TPM_TRANSPORT_INTERNAL;
1157 
1158 typedef struct tdTPM_TRANSPORT_LOG_IN   // fixed-size record: tag plus two digests
1159 {
1160     TPM_STRUCTURE_TAG               tag;
1161     TPM_DIGEST                      parameters;  // NOTE(review): presumably a digest over the wrapped command's input - confirm
1162     TPM_DIGEST                      pubKeyHash;
1163 } TPM_TRANSPORT_LOG_IN;
1164 
1165 typedef struct tdTPM_TRANSPORT_LOG_OUT   // fixed-size record: tag, tick stamp, one digest and the locality
1166 {
1167     TPM_STRUCTURE_TAG               tag;
1168     TPM_CURRENT_TICKS               currentTicks;  // embeds a UINT64 after a UINT16 tag; layout depends on packing
1169     TPM_DIGEST                      parameters;
1170     TPM_MODIFIER_INDICATOR          locality;
1171 } TPM_TRANSPORT_LOG_OUT;
1172 
1173 typedef struct tdTPM_TRANSPORT_AUTH   // tagged wrapper around one TPM_AUTHDATA
1174 {
1175     TPM_STRUCTURE_TAG               tag;
1176     TPM_AUTHDATA                    authData;  // secret: clear any buffer holding it once it is no longer needed
1177 } TPM_TRANSPORT_AUTH;
1178 
1179 //
1180 // Part 2, section 14: Audit Structures
1181 //
1182 
1183 typedef struct tdTPM_AUDIT_EVENT_IN   // audit record (section 14) for the input side: digest plus counter value
1184 {
1185     TPM_STRUCTURE_TAG               tag;
1186     TPM_DIGEST                      inputParms;
1187     TPM_COUNTER_VALUE               auditCount;
1188 } TPM_AUDIT_EVENT_IN;
1189 
1190 typedef struct tdTPM_AUDIT_EVENT_OUT   // audit record (section 14) for the output side: adds the ordinal and return code
1191 {
1192     TPM_STRUCTURE_TAG               tag;
1193     TPM_COMMAND_CODE                ordinal;      // one of the TPM_ORD_* command codes
1194     TPM_DIGEST                      outputParms;
1195     TPM_COUNTER_VALUE               auditCount;
1196     TPM_RESULT                      returnCode;   // one of the TPM_RESULT codes from section 16
1197 } TPM_AUDIT_EVENT_OUT;
1198 
1199 //
1200 // Part 2, section 16: Return Codes
1201 //   Every code below is an offset from TPM_BASE, so the includer must define TPM_BASE before this point.
1202 #ifndef TPM_BASE
1203 #error "TPM Error Codes require definition of TPM_BASE"
1204 #endif
1205 
1206 #define TPM_VENDOR_ERROR            TPM_Vendor_Specific32   // TPM_Vendor_Specific32 is not defined in this part of the file
1207 #define TPM_NON_FATAL               0x00000800   // offset added to TPM_BASE for TPM_RETRY and the codes after it
1208 
1209 #define TPM_SUCCESS                 ((TPM_RESULT) TPM_BASE)   // equals TPM_BASE; treat every other value as a failure, listed here or not
1210 #define TPM_AUTHFAIL                ((TPM_RESULT) (TPM_BASE + 1))
1211 #define TPM_BADINDEX                ((TPM_RESULT) (TPM_BASE + 2))
1212 #define TPM_BAD_PARAMETER           ((TPM_RESULT) (TPM_BASE + 3))
1213 #define TPM_AUDITFAILURE            ((TPM_RESULT) (TPM_BASE + 4))
1214 #define TPM_CLEAR_DISABLED          ((TPM_RESULT) (TPM_BASE + 5))
1215 #define TPM_DEACTIVATED             ((TPM_RESULT) (TPM_BASE + 6))
1216 #define TPM_DISABLED                ((TPM_RESULT) (TPM_BASE + 7))
1217 #define TPM_DISABLED_CMD            ((TPM_RESULT) (TPM_BASE + 8))
1218 #define TPM_FAIL                    ((TPM_RESULT) (TPM_BASE + 9))
1219 #define TPM_BAD_ORDINAL             ((TPM_RESULT) (TPM_BASE + 10))
1220 #define TPM_INSTALL_DISABLED        ((TPM_RESULT) (TPM_BASE + 11))
1221 #define TPM_INVALID_KEYHANDLE       ((TPM_RESULT) (TPM_BASE + 12))
1222 #define TPM_KEYNOTFOUND             ((TPM_RESULT) (TPM_BASE + 13))
1223 #define TPM_INAPPROPRIATE_ENC       ((TPM_RESULT) (TPM_BASE + 14))
1224 #define TPM_MIGRATEFAIL             ((TPM_RESULT) (TPM_BASE + 15))
1225 #define TPM_INVALID_PCR_INFO        ((TPM_RESULT) (TPM_BASE + 16))
1226 #define TPM_NOSPACE                 ((TPM_RESULT) (TPM_BASE + 17))
1227 #define TPM_NOSRK                   ((TPM_RESULT) (TPM_BASE + 18))
1228 #define TPM_NOTSEALED_BLOB          ((TPM_RESULT) (TPM_BASE + 19))
1229 #define TPM_OWNER_SET               ((TPM_RESULT) (TPM_BASE + 20))
1230 #define TPM_RESOURCES               ((TPM_RESULT) (TPM_BASE + 21))
1231 #define TPM_SHORTRANDOM             ((TPM_RESULT) (TPM_BASE + 22))
1232 #define TPM_SIZE                    ((TPM_RESULT) (TPM_BASE + 23))
1233 #define TPM_WRONGPCRVAL             ((TPM_RESULT) (TPM_BASE + 24))
1234 #define TPM_BAD_PARAM_SIZE          ((TPM_RESULT) (TPM_BASE + 25))
1235 #define TPM_SHA_THREAD              ((TPM_RESULT) (TPM_BASE + 26))
1236 #define TPM_SHA_ERROR               ((TPM_RESULT) (TPM_BASE + 27))
1237 #define TPM_FAILEDSELFTEST          ((TPM_RESULT) (TPM_BASE + 28))
1238 #define TPM_AUTH2FAIL               ((TPM_RESULT) (TPM_BASE + 29))
1239 #define TPM_BADTAG                  ((TPM_RESULT) (TPM_BASE + 30))
1240 #define TPM_IOERROR                 ((TPM_RESULT) (TPM_BASE + 31))
1241 #define TPM_ENCRYPT_ERROR           ((TPM_RESULT) (TPM_BASE + 32))
1242 #define TPM_DECRYPT_ERROR           ((TPM_RESULT) (TPM_BASE + 33))
1243 #define TPM_INVALID_AUTHHANDLE      ((TPM_RESULT) (TPM_BASE + 34))
1244 #define TPM_NO_ENDORSEMENT          ((TPM_RESULT) (TPM_BASE + 35))
1245 #define TPM_INVALID_KEYUSAGE        ((TPM_RESULT) (TPM_BASE + 36))
1246 #define TPM_WRONG_ENTITYTYPE        ((TPM_RESULT) (TPM_BASE + 37))
1247 #define TPM_INVALID_POSTINIT        ((TPM_RESULT) (TPM_BASE + 38))
1248 #define TPM_INAPPROPRIATE_SIG       ((TPM_RESULT) (TPM_BASE + 39))
1249 #define TPM_BAD_KEY_PROPERTY        ((TPM_RESULT) (TPM_BASE + 40))
1250 #define TPM_BAD_MIGRATION           ((TPM_RESULT) (TPM_BASE + 41))
1251 #define TPM_BAD_SCHEME              ((TPM_RESULT) (TPM_BASE + 42))
1252 #define TPM_BAD_DATASIZE            ((TPM_RESULT) (TPM_BASE + 43))
1253 #define TPM_BAD_MODE                ((TPM_RESULT) (TPM_BASE + 44))
1254 #define TPM_BAD_PRESENCE            ((TPM_RESULT) (TPM_BASE + 45))
1255 #define TPM_BAD_VERSION             ((TPM_RESULT) (TPM_BASE + 46))
1256 #define TPM_NO_WRAP_TRANSPORT       ((TPM_RESULT) (TPM_BASE + 47))
1257 #define TPM_AUDITFAIL_UNSUCCESSFUL  ((TPM_RESULT) (TPM_BASE + 48))
1258 #define TPM_AUDITFAIL_SUCCESSFUL    ((TPM_RESULT) (TPM_BASE + 49))
1259 #define TPM_NOTRESETABLE            ((TPM_RESULT) (TPM_BASE + 50))
1260 #define TPM_NOTLOCAL                ((TPM_RESULT) (TPM_BASE + 51))
1261 #define TPM_BAD_TYPE                ((TPM_RESULT) (TPM_BASE + 52))
1262 #define TPM_INVALID_RESOURCE        ((TPM_RESULT) (TPM_BASE + 53))
1263 #define TPM_NOTFIPS                 ((TPM_RESULT) (TPM_BASE + 54))
1264 #define TPM_INVALID_FAMILY          ((TPM_RESULT) (TPM_BASE + 55))
1265 #define TPM_NO_NV_PERMISSION        ((TPM_RESULT) (TPM_BASE + 56))
1266 #define TPM_REQUIRES_SIGN           ((TPM_RESULT) (TPM_BASE + 57))
1267 #define TPM_KEY_NOTSUPPORTED        ((TPM_RESULT) (TPM_BASE + 58))
1268 #define TPM_AUTH_CONFLICT           ((TPM_RESULT) (TPM_BASE + 59))
1269 #define TPM_AREA_LOCKED             ((TPM_RESULT) (TPM_BASE + 60))
1270 #define TPM_BAD_LOCALITY            ((TPM_RESULT) (TPM_BASE + 61))
1271 #define TPM_READ_ONLY               ((TPM_RESULT) (TPM_BASE + 62))
1272 #define TPM_PER_NOWRITE             ((TPM_RESULT) (TPM_BASE + 63))
1273 #define TPM_FAMILYCOUNT             ((TPM_RESULT) (TPM_BASE + 64))
1274 #define TPM_WRITE_LOCKED            ((TPM_RESULT) (TPM_BASE + 65))
1275 #define TPM_BAD_ATTRIBUTES          ((TPM_RESULT) (TPM_BASE + 66))
1276 #define TPM_INVALID_STRUCTURE       ((TPM_RESULT) (TPM_BASE + 67))
1277 #define TPM_KEY_OWNER_CONTROL       ((TPM_RESULT) (TPM_BASE + 68))
1278 #define TPM_BAD_COUNTER             ((TPM_RESULT) (TPM_BASE + 69))
1279 #define TPM_NOT_FULLWRITE           ((TPM_RESULT) (TPM_BASE + 70))
1280 #define TPM_CONTEXT_GAP             ((TPM_RESULT) (TPM_BASE + 71))
1281 #define TPM_MAXNVWRITES             ((TPM_RESULT) (TPM_BASE + 72))
1282 #define TPM_NOOPERATOR              ((TPM_RESULT) (TPM_BASE + 73))
1283 #define TPM_RESOURCEMISSING         ((TPM_RESULT) (TPM_BASE + 74))
1284 #define TPM_DELEGATE_LOCK           ((TPM_RESULT) (TPM_BASE + 75))
1285 #define TPM_DELEGATE_FAMILY         ((TPM_RESULT) (TPM_BASE + 76))
1286 #define TPM_DELEGATE_ADMIN          ((TPM_RESULT) (TPM_BASE + 77))
1287 #define TPM_TRANSPORT_NOTEXCLUSIVE  ((TPM_RESULT) (TPM_BASE + 78))
1288 #define TPM_OWNER_CONTROL           ((TPM_RESULT) (TPM_BASE + 79))
1289 #define TPM_DAA_RESOURCES           ((TPM_RESULT) (TPM_BASE + 80))
1290 #define TPM_DAA_INPUT_DATA0         ((TPM_RESULT) (TPM_BASE + 81))
1291 #define TPM_DAA_INPUT_DATA1         ((TPM_RESULT) (TPM_BASE + 82))
1292 #define TPM_DAA_ISSUER_SETTINGS     ((TPM_RESULT) (TPM_BASE + 83))
1293 #define TPM_DAA_TPM_SETTINGS        ((TPM_RESULT) (TPM_BASE + 84))
1294 #define TPM_DAA_STAGE               ((TPM_RESULT) (TPM_BASE + 85))
1295 #define TPM_DAA_ISSUER_VALIDITY     ((TPM_RESULT) (TPM_BASE + 86))
1296 #define TPM_DAA_WRONG_W             ((TPM_RESULT) (TPM_BASE + 87))
1297 #define TPM_BAD_HANDLE              ((TPM_RESULT) (TPM_BASE + 88))
1298 #define TPM_BAD_DELEGATE            ((TPM_RESULT) (TPM_BASE + 89))
1299 #define TPM_BADCONTEXT              ((TPM_RESULT) (TPM_BASE + 90))
1300 #define TPM_TOOMANYCONTEXTS         ((TPM_RESULT) (TPM_BASE + 91))
1301 #define TPM_MA_TICKET_SIGNATURE     ((TPM_RESULT) (TPM_BASE + 92))
1302 #define TPM_MA_DESTINATION          ((TPM_RESULT) (TPM_BASE + 93))
1303 #define TPM_MA_SOURCE               ((TPM_RESULT) (TPM_BASE + 94))
1304 #define TPM_MA_AUTHORITY            ((TPM_RESULT) (TPM_BASE + 95))
1305 #define TPM_PERMANENTEK             ((TPM_RESULT) (TPM_BASE + 97))   // TPM_BASE + 96 has no name in this list
1306 #define TPM_BAD_SIGNATURE           ((TPM_RESULT) (TPM_BASE + 98))
1307 #define TPM_NOCONTEXTSPACE          ((TPM_RESULT) (TPM_BASE + 99))
1308 
1309 #define TPM_RETRY                   ((TPM_RESULT) (TPM_BASE + TPM_NON_FATAL))       // first code in the non-fatal range (TPM_BASE + 0x800 + n)
1310 #define TPM_NEEDS_SELFTEST          ((TPM_RESULT) (TPM_BASE + TPM_NON_FATAL + 1))
1311 #define TPM_DOING_SELFTEST          ((TPM_RESULT) (TPM_BASE + TPM_NON_FATAL + 2))
1312 #define TPM_DEFEND_LOCK_RUNNING     ((TPM_RESULT) (TPM_BASE + TPM_NON_FATAL + 3))   // NOTE(review): presumably the lockout time-out state; bound any retry loop - confirm
1313 
1314 //
1315 // Part 2, section 17: Ordinals
1316 //
1317 // Ordinals are 32 bit values. The upper byte contains values that serve as
1318 // flag indicators, the next byte contains values indicating what committee
1319 // designated the ordinal, and the final two bytes contain the Command
1320 // Ordinal Index.
1321 //      3                   2                   1
1322 //    1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
1323 //   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1324 //   |P|C|V| Reserved| Purview |     Command Ordinal Index           |
1325 //   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1326 //
1327 //  Where:
1328 //
1329 //    * P is Protected/Unprotected command. When 0 the command is a Protected
1330 //      command, when 1 the command is an Unprotected command.
1331 //
1332 //    * C is Non-Connection/Connection related command. When 0 this command
1333 //      passes through to either the protected (TPM) or unprotected (TSS)
1334 //      components.
1335 //
1336 //    * V is TPM/Vendor command. When 0 the command is TPM defined, when 1 the
1337 //      command is vendor defined.
1338 //
1339 //    * All reserved area bits are set to 0.
1340 //
1341 
//
// TPM 1.2 command ordinals (TPM_ORD_*) and TSC connection ordinals (TSC_ORD_*).
//
// Each value is a complete 32-bit TPM_COMMAND_CODE. The two TSC_ORD_* codes at
// the end of the list carry 0x40000000 (the C bit of the layout pictured above)
// and reuse the low index values of TPM_ORD_OIAP and TPM_ORD_OSAP. Command
// filters, audit rules and dispatch tables must therefore compare the whole
// 32-bit code; matching on a masked ordinal index would conflate them.
//
#define TPM_ORD_ActivateIdentity                  ((TPM_COMMAND_CODE)0x0000007A)
#define TPM_ORD_AuthorizeMigrationKey             ((TPM_COMMAND_CODE)0x0000002B)
#define TPM_ORD_CertifyKey                        ((TPM_COMMAND_CODE)0x00000032)
#define TPM_ORD_CertifyKey2                       ((TPM_COMMAND_CODE)0x00000033)
#define TPM_ORD_CertifySelfTest                   ((TPM_COMMAND_CODE)0x00000052)
#define TPM_ORD_ChangeAuth                        ((TPM_COMMAND_CODE)0x0000000C)
#define TPM_ORD_ChangeAuthAsymFinish              ((TPM_COMMAND_CODE)0x0000000F)
#define TPM_ORD_ChangeAuthAsymStart               ((TPM_COMMAND_CODE)0x0000000E)
#define TPM_ORD_ChangeAuthOwner                   ((TPM_COMMAND_CODE)0x00000010)
#define TPM_ORD_CMK_ApproveMA                     ((TPM_COMMAND_CODE)0x0000001D)
#define TPM_ORD_CMK_ConvertMigration              ((TPM_COMMAND_CODE)0x00000024)
#define TPM_ORD_CMK_CreateBlob                    ((TPM_COMMAND_CODE)0x0000001B)
#define TPM_ORD_CMK_CreateKey                     ((TPM_COMMAND_CODE)0x00000013)
#define TPM_ORD_CMK_CreateTicket                  ((TPM_COMMAND_CODE)0x00000012)
#define TPM_ORD_CMK_SetRestrictions               ((TPM_COMMAND_CODE)0x0000001C)
#define TPM_ORD_ContinueSelfTest                  ((TPM_COMMAND_CODE)0x00000053)
#define TPM_ORD_ConvertMigrationBlob              ((TPM_COMMAND_CODE)0x0000002A)
#define TPM_ORD_CreateCounter                     ((TPM_COMMAND_CODE)0x000000DC)
#define TPM_ORD_CreateEndorsementKeyPair          ((TPM_COMMAND_CODE)0x00000078)
#define TPM_ORD_CreateMaintenanceArchive          ((TPM_COMMAND_CODE)0x0000002C)
#define TPM_ORD_CreateMigrationBlob               ((TPM_COMMAND_CODE)0x00000028)
#define TPM_ORD_CreateRevocableEK                 ((TPM_COMMAND_CODE)0x0000007F)
#define TPM_ORD_CreateWrapKey                     ((TPM_COMMAND_CODE)0x0000001F)
#define TPM_ORD_DAA_JOIN                          ((TPM_COMMAND_CODE)0x00000029)
#define TPM_ORD_DAA_SIGN                          ((TPM_COMMAND_CODE)0x00000031)
#define TPM_ORD_Delegate_CreateKeyDelegation      ((TPM_COMMAND_CODE)0x000000D4)
#define TPM_ORD_Delegate_CreateOwnerDelegation    ((TPM_COMMAND_CODE)0x000000D5)
#define TPM_ORD_Delegate_LoadOwnerDelegation      ((TPM_COMMAND_CODE)0x000000D8)
#define TPM_ORD_Delegate_Manage                   ((TPM_COMMAND_CODE)0x000000D2)
#define TPM_ORD_Delegate_ReadTable                ((TPM_COMMAND_CODE)0x000000DB)
#define TPM_ORD_Delegate_UpdateVerification       ((TPM_COMMAND_CODE)0x000000D1)
#define TPM_ORD_Delegate_VerifyDelegation         ((TPM_COMMAND_CODE)0x000000D6)
#define TPM_ORD_DirRead                           ((TPM_COMMAND_CODE)0x0000001A)
#define TPM_ORD_DirWriteAuth                      ((TPM_COMMAND_CODE)0x00000019)
#define TPM_ORD_DisableForceClear                 ((TPM_COMMAND_CODE)0x0000005E)
#define TPM_ORD_DisableOwnerClear                 ((TPM_COMMAND_CODE)0x0000005C)
#define TPM_ORD_DisablePubekRead                  ((TPM_COMMAND_CODE)0x0000007E)
#define TPM_ORD_DSAP                              ((TPM_COMMAND_CODE)0x00000011)
#define TPM_ORD_EstablishTransport                ((TPM_COMMAND_CODE)0x000000E6)
#define TPM_ORD_EvictKey                          ((TPM_COMMAND_CODE)0x00000022)
#define TPM_ORD_ExecuteTransport                  ((TPM_COMMAND_CODE)0x000000E7)
#define TPM_ORD_Extend                            ((TPM_COMMAND_CODE)0x00000014)
#define TPM_ORD_FieldUpgrade                      ((TPM_COMMAND_CODE)0x000000AA)
#define TPM_ORD_FlushSpecific                     ((TPM_COMMAND_CODE)0x000000BA)
#define TPM_ORD_ForceClear                        ((TPM_COMMAND_CODE)0x0000005D)
#define TPM_ORD_GetAuditDigest                    ((TPM_COMMAND_CODE)0x00000085)
#define TPM_ORD_GetAuditDigestSigned              ((TPM_COMMAND_CODE)0x00000086)
#define TPM_ORD_GetAuditEvent                     ((TPM_COMMAND_CODE)0x00000082)
#define TPM_ORD_GetAuditEventSigned               ((TPM_COMMAND_CODE)0x00000083)
#define TPM_ORD_GetCapability                     ((TPM_COMMAND_CODE)0x00000065)
#define TPM_ORD_GetCapabilityOwner                ((TPM_COMMAND_CODE)0x00000066)
#define TPM_ORD_GetCapabilitySigned               ((TPM_COMMAND_CODE)0x00000064)
#define TPM_ORD_GetOrdinalAuditStatus             ((TPM_COMMAND_CODE)0x0000008C)
#define TPM_ORD_GetPubKey                         ((TPM_COMMAND_CODE)0x00000021)
#define TPM_ORD_GetRandom                         ((TPM_COMMAND_CODE)0x00000046)
#define TPM_ORD_GetTestResult                     ((TPM_COMMAND_CODE)0x00000054)
#define TPM_ORD_GetTicks                          ((TPM_COMMAND_CODE)0x000000F1)
#define TPM_ORD_IncrementCounter                  ((TPM_COMMAND_CODE)0x000000DD)
#define TPM_ORD_Init                              ((TPM_COMMAND_CODE)0x00000097)
#define TPM_ORD_KeyControlOwner                   ((TPM_COMMAND_CODE)0x00000023)
#define TPM_ORD_KillMaintenanceFeature            ((TPM_COMMAND_CODE)0x0000002E)
#define TPM_ORD_LoadAuthContext                   ((TPM_COMMAND_CODE)0x000000B7)
#define TPM_ORD_LoadContext                       ((TPM_COMMAND_CODE)0x000000B9)
#define TPM_ORD_LoadKey                           ((TPM_COMMAND_CODE)0x00000020)
#define TPM_ORD_LoadKey2                          ((TPM_COMMAND_CODE)0x00000041)
#define TPM_ORD_LoadKeyContext                    ((TPM_COMMAND_CODE)0x000000B5)
#define TPM_ORD_LoadMaintenanceArchive            ((TPM_COMMAND_CODE)0x0000002D)
#define TPM_ORD_LoadManuMaintPub                  ((TPM_COMMAND_CODE)0x0000002F)
#define TPM_ORD_MakeIdentity                      ((TPM_COMMAND_CODE)0x00000079)
#define TPM_ORD_MigrateKey                        ((TPM_COMMAND_CODE)0x00000025)
#define TPM_ORD_NV_DefineSpace                    ((TPM_COMMAND_CODE)0x000000CC)
#define TPM_ORD_NV_ReadValue                      ((TPM_COMMAND_CODE)0x000000CF)
#define TPM_ORD_NV_ReadValueAuth                  ((TPM_COMMAND_CODE)0x000000D0)
#define TPM_ORD_NV_WriteValue                     ((TPM_COMMAND_CODE)0x000000CD)
#define TPM_ORD_NV_WriteValueAuth                 ((TPM_COMMAND_CODE)0x000000CE)
#define TPM_ORD_OIAP                              ((TPM_COMMAND_CODE)0x0000000A)
#define TPM_ORD_OSAP                              ((TPM_COMMAND_CODE)0x0000000B)
#define TPM_ORD_OwnerClear                        ((TPM_COMMAND_CODE)0x0000005B)
#define TPM_ORD_OwnerReadInternalPub              ((TPM_COMMAND_CODE)0x00000081)
#define TPM_ORD_OwnerReadPubek                    ((TPM_COMMAND_CODE)0x0000007D)
#define TPM_ORD_OwnerSetDisable                   ((TPM_COMMAND_CODE)0x0000006E)
#define TPM_ORD_PCR_Reset                         ((TPM_COMMAND_CODE)0x000000C8)
#define TPM_ORD_PcrRead                           ((TPM_COMMAND_CODE)0x00000015)
#define TPM_ORD_PhysicalDisable                   ((TPM_COMMAND_CODE)0x00000070)
#define TPM_ORD_PhysicalEnable                    ((TPM_COMMAND_CODE)0x0000006F)
#define TPM_ORD_PhysicalSetDeactivated            ((TPM_COMMAND_CODE)0x00000072)
#define TPM_ORD_Quote                             ((TPM_COMMAND_CODE)0x00000016)
#define TPM_ORD_Quote2                            ((TPM_COMMAND_CODE)0x0000003E)
#define TPM_ORD_ReadCounter                       ((TPM_COMMAND_CODE)0x000000DE)
#define TPM_ORD_ReadManuMaintPub                  ((TPM_COMMAND_CODE)0x00000030)
#define TPM_ORD_ReadPubek                         ((TPM_COMMAND_CODE)0x0000007C)
#define TPM_ORD_ReleaseCounter                    ((TPM_COMMAND_CODE)0x000000DF)
#define TPM_ORD_ReleaseCounterOwner               ((TPM_COMMAND_CODE)0x000000E0)
#define TPM_ORD_ReleaseTransportSigned            ((TPM_COMMAND_CODE)0x000000E8)
#define TPM_ORD_Reset                             ((TPM_COMMAND_CODE)0x0000005A)
#define TPM_ORD_ResetLockValue                    ((TPM_COMMAND_CODE)0x00000040)
#define TPM_ORD_RevokeTrust                       ((TPM_COMMAND_CODE)0x00000080)
#define TPM_ORD_SaveAuthContext                   ((TPM_COMMAND_CODE)0x000000B6)
#define TPM_ORD_SaveContext                       ((TPM_COMMAND_CODE)0x000000B8)
#define TPM_ORD_SaveKeyContext                    ((TPM_COMMAND_CODE)0x000000B4)
#define TPM_ORD_SaveState                         ((TPM_COMMAND_CODE)0x00000098)
#define TPM_ORD_Seal                              ((TPM_COMMAND_CODE)0x00000017)
#define TPM_ORD_Sealx                             ((TPM_COMMAND_CODE)0x0000003D)
#define TPM_ORD_SelfTestFull                      ((TPM_COMMAND_CODE)0x00000050)
#define TPM_ORD_SetCapability                     ((TPM_COMMAND_CODE)0x0000003F)
#define TPM_ORD_SetOperatorAuth                   ((TPM_COMMAND_CODE)0x00000074)
#define TPM_ORD_SetOrdinalAuditStatus             ((TPM_COMMAND_CODE)0x0000008D)
#define TPM_ORD_SetOwnerInstall                   ((TPM_COMMAND_CODE)0x00000071)
#define TPM_ORD_SetOwnerPointer                   ((TPM_COMMAND_CODE)0x00000075)
#define TPM_ORD_SetRedirection                    ((TPM_COMMAND_CODE)0x0000009A)
#define TPM_ORD_SetTempDeactivated                ((TPM_COMMAND_CODE)0x00000073)
#define TPM_ORD_SHA1Complete                      ((TPM_COMMAND_CODE)0x000000A2)
#define TPM_ORD_SHA1CompleteExtend                ((TPM_COMMAND_CODE)0x000000A3)
#define TPM_ORD_SHA1Start                         ((TPM_COMMAND_CODE)0x000000A0)
#define TPM_ORD_SHA1Update                        ((TPM_COMMAND_CODE)0x000000A1)
#define TPM_ORD_Sign                              ((TPM_COMMAND_CODE)0x0000003C)
#define TPM_ORD_Startup                           ((TPM_COMMAND_CODE)0x00000099)
#define TPM_ORD_StirRandom                        ((TPM_COMMAND_CODE)0x00000047)
#define TPM_ORD_TakeOwnership                     ((TPM_COMMAND_CODE)0x0000000D)
#define TPM_ORD_Terminate_Handle                  ((TPM_COMMAND_CODE)0x00000096)
#define TPM_ORD_TickStampBlob                     ((TPM_COMMAND_CODE)0x000000F2)
#define TPM_ORD_UnBind                            ((TPM_COMMAND_CODE)0x0000001E)
#define TPM_ORD_Unseal                            ((TPM_COMMAND_CODE)0x00000018)
// Connection (TSC) ordinals: C bit set, low index shared with OIAP / OSAP.
#define TSC_ORD_PhysicalPresence                  ((TPM_COMMAND_CODE)0x4000000A)
#define TSC_ORD_ResetEstablishmentBit             ((TPM_COMMAND_CODE)0x4000000B)
1467 
1468 //
1469 // Part 2, section 18: Context structures
1470 //
1471 
//
// TPM_CONTEXT_BLOB: context blob layout (Part 2, section 18).
//
// NOTE(review): additionalData and sensitiveData are host pointers, so the
// size of this type follows the pointer width and is presumably not the
// serialized size; do not overlay it on a buffer exchanged with the TPM.
// additionalSize and sensitiveSize should be bounds-checked against the
// buffer they were read from before either pointer is dereferenced.
//
typedef struct tdTPM_CONTEXT_BLOB {
  TPM_STRUCTURE_TAG        tag;
  TPM_RESOURCE_TYPE        resourceType;
  TPM_HANDLE               handle;
  UINT8                    label[16];
  UINT32                   contextCount;
  TPM_DIGEST               integrityDigest;
  UINT32                   additionalSize;   // length paired with additionalData
  UINT8                    *additionalData;
  UINT32                   sensitiveSize;    // length paired with sensitiveData
  UINT8                    *sensitiveData;
} TPM_CONTEXT_BLOB;
1485 
//
// TPM_CONTEXT_SENSITIVE: nonce plus a variable-length internal area.
//
// NOTE(review): internalData is a host pointer, so this is an in-memory view
// rather than a wire layout; validate internalSize against the containing
// buffer before reading through internalData.
//
typedef struct tdTPM_CONTEXT_SENSITIVE {
  TPM_STRUCTURE_TAG        tag;
  TPM_NONCE                contextNonce;
  UINT32                   internalSize;     // length paired with internalData
  UINT8                    *internalData;
} TPM_CONTEXT_SENSITIVE;
1493 
1494 //
1495 // Part 2, section 19: NV Structures
1496 //
1497 
//
// Well-known NV index values. All are plain UINT32 constants; the *_BASE
// values mark the start of a reserved range, not a single index.
//
#define TPM_NV_INDEX_LOCK              ((UINT32)0xFFFFFFFF)
#define TPM_NV_INDEX0                  ((UINT32)0x00000000)
#define TPM_NV_INDEX_DIR               ((UINT32)0x10000001)
#define TPM_NV_INDEX_EKCert            ((UINT32)0x0000F000)
#define TPM_NV_INDEX_TPM_CC            ((UINT32)0x0000F001)
#define TPM_NV_INDEX_PlatformCert      ((UINT32)0x0000F002)
#define TPM_NV_INDEX_Platform_CC       ((UINT32)0x0000F003)
// The following define ranges of reserved indices.
#define TPM_NV_INDEX_TSS_BASE          ((UINT32)0x00011100)
#define TPM_NV_INDEX_PC_BASE           ((UINT32)0x00011200)
#define TPM_NV_INDEX_SERVER_BASE       ((UINT32)0x00011300)
#define TPM_NV_INDEX_MOBILE_BASE       ((UINT32)0x00011400)
#define TPM_NV_INDEX_PERIPHERAL_BASE   ((UINT32)0x00011500)
#define TPM_NV_INDEX_GROUP_RESV_BASE   ((UINT32)0x00010000)
1512 
//
// TPM_NV_PER_ATTRIBUTES is not a TPM 1.2 specification type; this header adds
// it for the structure fields that hold the following bit values.
//
// Each constant is a single bit, so values are combined with | and tested
// with &. The read controls sit in bits 16-18 and 31, the write controls in
// bits 0-2 and 12-15.
// NOTE(review): when auditing a defined NV index, record which read and write
// bits are set; presumably an index with no write-control bit set is writable
// without authorization - confirm against the specification.
//
typedef UINT32 TPM_NV_PER_ATTRIBUTES;
#define TPM_NV_PER_READ_STCLEAR        ((UINT32)1 << 31)
#define TPM_NV_PER_AUTHREAD            ((UINT32)1 << 18)
#define TPM_NV_PER_OWNERREAD           ((UINT32)1 << 17)
#define TPM_NV_PER_PPREAD              ((UINT32)1 << 16)
#define TPM_NV_PER_GLOBALLOCK          ((UINT32)1 << 15)
#define TPM_NV_PER_WRITE_STCLEAR       ((UINT32)1 << 14)
#define TPM_NV_PER_WRITEDEFINE         ((UINT32)1 << 13)
#define TPM_NV_PER_WRITEALL            ((UINT32)1 << 12)
#define TPM_NV_PER_AUTHWRITE           ((UINT32)1 << 2)
#define TPM_NV_PER_OWNERWRITE          ((UINT32)1 << 1)
#define TPM_NV_PER_PPWRITE             ((UINT32)1 << 0)
1527 
//
// TPM_NV_ATTRIBUTES: structure tag followed by the permission word.
// The attributes field is typed TPM_NV_PER_ATTRIBUTES, i.e. a combination of
// the TPM_NV_PER_* bits.
//
typedef struct tdTPM_NV_ATTRIBUTES {
  TPM_STRUCTURE_TAG        tag;
  TPM_NV_PER_ATTRIBUTES    attributes;
} TPM_NV_ATTRIBUTES;
1533 
1534 
//
// TPM_NV_DATA_PUBLIC: public description of one NV index.
//
// Holds the index, separate PCR selections for read and write, the permission
// attributes, three state booleans and the size of the data area.
// NOTE(review): dataSize is presumably the length of the NV area; a caller
// sizing a read or write buffer from it should cap it against its own limit.
//
typedef struct tdTPM_NV_DATA_PUBLIC {
  TPM_STRUCTURE_TAG        tag;
  TPM_NV_INDEX             nvIndex;
  TPM_PCR_INFO_SHORT       pcrInfoRead;
  TPM_PCR_INFO_SHORT       pcrInfoWrite;
  TPM_NV_ATTRIBUTES        permission;
  BOOLEAN                  bReadSTClear;
  BOOLEAN                  bWriteSTClear;
  BOOLEAN                  bWriteDefine;
  UINT32                   dataSize;
} TPM_NV_DATA_PUBLIC;
1547 
1548 
1549 
1550 // Internal to TPM:
1551 //typedef struct tdTPM_NV_DATA_SENSITIVE
1552 //{
1553 //    TPM_STRUCTURE_TAG               tag;
1554 //    TPM_NV_DATA_PUBLIC              pubInfo;
1555 //   TPM_AUTHDATA                    authValue;
1556 //    UINT8                           *data;
1557 //} TPM_NV_DATA_SENSITIVE;
1558 
1559 
1560 //
1561 // Part 2, section 20: Delegation
1562 //
1563 
1564 //
1565 // Part 2, section 20.2.1: Owner Permissions Settings for per1 bits
1566 //
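//
// Owner-delegation permission bits (per1). Each constant is one bit of a
// UINT32, named after the command it refers to; bit 31 has no name here.
//
// NOTE(review): presumably every set bit lets the delegate run the named
// owner-authorized command, so a delegation row should be audited bit by bit
// and granted the smallest set that works - confirm against the specification.
//
// TPM_DELEGATE_OwnerReadInternalPub is the correctly spelled name (it matches
// TPM_ORD_OwnerReadInternalPub); the historical misspelling
// TPM_DELEGATE_OwnerReadInteralPub is kept as an alias for existing callers.
//
#define TPM_DELEGATE_SetOrdinalAuditStatus          (((UINT32)1)<<30)
#define TPM_DELEGATE_DirWriteAuth                   (((UINT32)1)<<29)
#define TPM_DELEGATE_CMK_ApproveMA                  (((UINT32)1)<<28)
#define TPM_DELEGATE_NV_WriteValue                  (((UINT32)1)<<27)
#define TPM_DELEGATE_CMK_CreateTicket               (((UINT32)1)<<26)
#define TPM_DELEGATE_NV_ReadValue                   (((UINT32)1)<<25)
#define TPM_DELEGATE_Delegate_LoadOwnerDelegation   (((UINT32)1)<<24)
#define TPM_DELEGATE_DAA_Join                       (((UINT32)1)<<23)
#define TPM_DELEGATE_AuthorizeMigrationKey          (((UINT32)1)<<22)
#define TPM_DELEGATE_CreateMaintenanceArchive       (((UINT32)1)<<21)
#define TPM_DELEGATE_LoadMaintenanceArchive         (((UINT32)1)<<20)
#define TPM_DELEGATE_KillMaintenanceFeature         (((UINT32)1)<<19)
#define TPM_DELEGATE_OwnerReadInternalPub           (((UINT32)1)<<18)
#define TPM_DELEGATE_OwnerReadInteralPub            TPM_DELEGATE_OwnerReadInternalPub
#define TPM_DELEGATE_ResetLockValue                 (((UINT32)1)<<17)
#define TPM_DELEGATE_OwnerClear                     (((UINT32)1)<<16)
#define TPM_DELEGATE_DisableOwnerClear              (((UINT32)1)<<15)
#define TPM_DELEGATE_NV_DefineSpace                 (((UINT32)1)<<14)
#define TPM_DELEGATE_OwnerSetDisable                (((UINT32)1)<<13)
#define TPM_DELEGATE_SetCapability                  (((UINT32)1)<<12)
#define TPM_DELEGATE_MakeIdentity                   (((UINT32)1)<<11)
#define TPM_DELEGATE_ActivateIdentity               (((UINT32)1)<<10)
#define TPM_DELEGATE_OwnerReadPubek                 (((UINT32)1)<<9)
#define TPM_DELEGATE_DisablePubekRead               (((UINT32)1)<<8)
#define TPM_DELEGATE_SetRedirection                 (((UINT32)1)<<7)
#define TPM_DELEGATE_FieldUpgrade                   (((UINT32)1)<<6)
#define TPM_DELEGATE_Delegate_UpdateVerification    (((UINT32)1)<<5)
#define TPM_DELEGATE_CreateCounter                  (((UINT32)1)<<4)
#define TPM_DELEGATE_ReleaseCounterOwner            (((UINT32)1)<<3)
#define TPM_DELEGATE_DelegateManage                 (((UINT32)1)<<2)
#define TPM_DELEGATE_Delegate_CreateOwnerDelegation (((UINT32)1)<<1)
#define TPM_DELEGATE_DAA_Sign                       (((UINT32)1)<<0)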
1598 
1599 //
1600 // Part 2, section 20.2.3: Key Permissions Settings for per1 bits
1601 //
//
// Key-delegation permission bits (per1). One bit per constant, bits 0-28;
// combine with | and test with &.
// NOTE(review): presumably a set bit lets the delegate use the key with the
// named command; review each granted bit when auditing a key delegation.
//
#define TPM_KEY_DELEGATE_CMK_ConvertMigration       ((UINT32)1 << 28)
#define TPM_KEY_DELEGATE_TickStampBlob              ((UINT32)1 << 27)
#define TPM_KEY_DELEGATE_ChangeAuthAsymStart        ((UINT32)1 << 26)
#define TPM_KEY_DELEGATE_ChangeAuthAsymFinish       ((UINT32)1 << 25)
#define TPM_KEY_DELEGATE_CMK_CreateKey              ((UINT32)1 << 24)
#define TPM_KEY_DELEGATE_MigrateKey                 ((UINT32)1 << 23)
#define TPM_KEY_DELEGATE_LoadKey2                   ((UINT32)1 << 22)
#define TPM_KEY_DELEGATE_EstablishTransport         ((UINT32)1 << 21)
#define TPM_KEY_DELEGATE_ReleaseTransportSigned     ((UINT32)1 << 20)
#define TPM_KEY_DELEGATE_Quote2                     ((UINT32)1 << 19)
#define TPM_KEY_DELEGATE_Sealx                      ((UINT32)1 << 18)
#define TPM_KEY_DELEGATE_MakeIdentity               ((UINT32)1 << 17)
#define TPM_KEY_DELEGATE_ActivateIdentity           ((UINT32)1 << 16)
#define TPM_KEY_DELEGATE_GetAuditDigestSigned       ((UINT32)1 << 15)
#define TPM_KEY_DELEGATE_Sign                       ((UINT32)1 << 14)
#define TPM_KEY_DELEGATE_CertifyKey2                ((UINT32)1 << 13)
#define TPM_KEY_DELEGATE_CertifyKey                 ((UINT32)1 << 12)
#define TPM_KEY_DELEGATE_CreateWrapKey              ((UINT32)1 << 11)
#define TPM_KEY_DELEGATE_CMK_CreateBlob             ((UINT32)1 << 10)
#define TPM_KEY_DELEGATE_CreateMigrationBlob        ((UINT32)1 << 9)
#define TPM_KEY_DELEGATE_ConvertMigrationBlob       ((UINT32)1 << 8)
#define TPM_KEY_DELEGATE_CreateKeyDelegation        ((UINT32)1 << 7)
#define TPM_KEY_DELEGATE_ChangeAuth                 ((UINT32)1 << 6)
#define TPM_KEY_DELEGATE_GetPubKey                  ((UINT32)1 << 5)
#define TPM_KEY_DELEGATE_UnBind                     ((UINT32)1 << 4)
#define TPM_KEY_DELEGATE_Quote                      ((UINT32)1 << 3)
#define TPM_KEY_DELEGATE_Unseal                     ((UINT32)1 << 2)
#define TPM_KEY_DELEGATE_Seal                       ((UINT32)1 << 1)
#define TPM_KEY_DELEGATE_LoadKey                    ((UINT32)1 << 0)
1631 
//
// TPM_FAMILY_* are consecutive values 1..4, not a bit mask (TPM_FAMILY_ADMIN
// is 3), so compare them with == and never with &.
//
#define TPM_FAMILY_CREATE                 ((UINT32)0x00000001)
#define TPM_FAMILY_ENABLE                 ((UINT32)0x00000002)
#define TPM_FAMILY_ADMIN                  ((UINT32)0x00000003)
#define TPM_FAMILY_INVALIDATE             ((UINT32)0x00000004)

//
// TPM_FAMFLAG_* are single-bit flags and may be combined with |.
//
#define TPM_FAMFLAG_DELEGATE_ADMIN_LOCK   ((UINT32)1 << 1)
#define TPM_FAMFLAG_ENABLE                ((UINT32)1 << 0)
1639 
//
// TPM_FAMILY_LABEL: one-byte label wrapped in a structure.
//
typedef struct tdTPM_FAMILY_LABEL {
  UINT8                    label;
} TPM_FAMILY_LABEL;
1644 
//
// TPM_FAMILY_TABLE_ENTRY: one row of the family table - tag, label, family id,
// verification count and flags.
// NOTE(review): flags presumably carries the TPM_FAMFLAG_* bits - confirm.
//
typedef struct tdTPM_FAMILY_TABLE_ENTRY {
  TPM_STRUCTURE_TAG        tag;
  TPM_FAMILY_LABEL         label;
  TPM_FAMILY_ID            familyID;
  TPM_FAMILY_VERIFICATION  verificationCount;
  TPM_FAMILY_FLAGS         flags;
} TPM_FAMILY_TABLE_ENTRY;
1653 
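//
// Minimum number of family-table rows.
//
// The commented-out table below (and the delegate-table counterpart,
// TPM_NUM_DELEGATE_TABLE_ENTRY_MIN) use the TPM_NUM_ prefix, which this header
// did not define for the family table. TPM_NUM_FAMILY_TABLE_ENTRY_MIN is now
// the primary name and TPM_FAMILY_TABLE_ENTRY_MIN stays as an alias.
//
#define TPM_NUM_FAMILY_TABLE_ENTRY_MIN 8
#define TPM_FAMILY_TABLE_ENTRY_MIN     TPM_NUM_FAMILY_TABLE_ENTRY_MIN
//typedef struct tdTPM_FAMILY_TABLE
//{
//    TPM_FAMILY_TABLE_ENTRY          FamTableRow[TPM_NUM_FAMILY_TABLE_ENTRY_MIN];
//} TPM_FAMILY_TABLE;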
1659 
1660 
//
// TPM_DELEGATE_LABEL: one-byte label wrapped in a structure.
//
typedef struct tdTPM_DELEGATE_LABEL {
  UINT8                    label;
} TPM_DELEGATE_LABEL;
1665 
1666 
//
// TPM_DELEGATE_TYPE and its two values. The values are 1 and 2; the names
// suggest they say whether a per1/per2 pair holds owner bits or key bits.
// NOTE(review): compare with ==; nothing here shows the two being combined.
//
typedef UINT32 TPM_DELEGATE_TYPE;
#define TPM_DEL_OWNER_BITS          ((UINT32)0x00000001)
#define TPM_DEL_KEY_BITS            ((UINT32)0x00000002)
1670 
//
// TPM_DELEGATIONS: delegation type plus two 32-bit permission words.
// NOTE(review): per1 presumably holds the TPM_DELEGATE_* bits when
// delegateType is TPM_DEL_OWNER_BITS and the TPM_KEY_DELEGATE_* bits when it
// is TPM_DEL_KEY_BITS; this header names no bits for per2. Check delegateType
// before interpreting per1, because the two bit sets overlap numerically.
//
typedef struct tdTPM_DELEGATIONS {
  TPM_STRUCTURE_TAG        tag;
  TPM_DELEGATE_TYPE        delegateType;
  UINT32                   per1;
  UINT32                   per2;
} TPM_DELEGATIONS;
1678 
//
// TPM_DELEGATE_PUBLIC: public part of a delegation - label, PCR selection,
// granted permissions, and the family id / verification count it belongs to.
//
typedef struct tdTPM_DELEGATE_PUBLIC {
  TPM_STRUCTURE_TAG        tag;
  TPM_DELEGATE_LABEL       label;
  TPM_PCR_INFO_SHORT       pcrInfo;
  TPM_DELEGATIONS          permissions;
  TPM_FAMILY_ID            familyID;
  TPM_FAMILY_VERIFICATION  verificationCount;
} TPM_DELEGATE_PUBLIC;
1688 
//
// TPM_DELEGATE_TABLE_ROW: a delegation's public part together with its
// authorization value.
// authValue is typed TPM_SECRET: treat any buffer holding this structure as
// sensitive, keep it out of logs and dumps, and clear it after use.
//
typedef struct tdTPM_DELEGATE_TABLE_ROW {
  TPM_STRUCTURE_TAG        tag;
  TPM_DELEGATE_PUBLIC      pub;
  TPM_SECRET               authValue;
} TPM_DELEGATE_TABLE_ROW;
1695 
1696 
//
// Minimum number of delegate-table rows. The table type itself is left
// commented out below, so only the count is exported.
//
#define TPM_NUM_DELEGATE_TABLE_ENTRY_MIN (2)
//typedef struct tdTPM_DELEGATE_TABLE
//{
//    TPM_DELEGATE_TABLE_ROW          delRow[TPM_NUM_DELEGATE_TABLE_ENTRY_MIN];
//} TPM_DELEGATE_TABLE;
1702 
//
// TPM_DELEGATE_SENSITIVE: structure tag plus the delegation's authorization
// value. authValue is typed TPM_SECRET, so memory holding this structure
// should be cleared after use and never logged.
//
typedef struct tdTPM_DELEGATE_SENSITIVE {
  TPM_STRUCTURE_TAG        tag;
  TPM_SECRET               authValue;
} TPM_DELEGATE_SENSITIVE;
1708 
//
// TPM_DELEGATE_OWNER_BLOB: owner-delegation blob - public part, integrity
// digest and two variable-length areas.
//
// NOTE(review): additionalArea and sensitiveArea are host pointers, so this is
// an in-memory view and presumably not the serialized layout. A blob read
// back from storage is untrusted input: bounds-check additionalSize and
// sensitiveSize against the buffer before following either pointer.
//
typedef struct tdTPM_DELEGATE_OWNER_BLOB {
  TPM_STRUCTURE_TAG        tag;
  TPM_DELEGATE_PUBLIC      pub;
  TPM_DIGEST               integrityDigest;
  UINT32                   additionalSize;   // length paired with additionalArea
  UINT8                    *additionalArea;
  UINT32                   sensitiveSize;    // length paired with sensitiveArea
  UINT8                    *sensitiveArea;
} TPM_DELEGATE_OWNER_BLOB;
1719 
//
// TPM_DELEGATE_KEY_BLOB: key-delegation blob. Same shape as
// TPM_DELEGATE_OWNER_BLOB with an extra pubKeyDigest after integrityDigest.
//
// NOTE(review): additionalArea and sensitiveArea are host pointers, so this is
// an in-memory view and presumably not the serialized layout; bounds-check
// additionalSize and sensitiveSize against the source buffer before use.
//
typedef struct tdTPM_DELEGATE_KEY_BLOB {
  TPM_STRUCTURE_TAG        tag;
  TPM_DELEGATE_PUBLIC      pub;
  TPM_DIGEST               integrityDigest;
  TPM_DIGEST               pubKeyDigest;
  UINT32                   additionalSize;   // length paired with additionalArea
  UINT8                    *additionalArea;
  UINT32                   sensitiveSize;    // length paired with sensitiveArea
  UINT8                    *sensitiveArea;
} TPM_DELEGATE_KEY_BLOB;
1731 
1732 //
1733 // Part 2, section 21.1: TPM_CAPABILITY_AREA for GetCapability
1734 //
//
// Capability-area selectors for GetCapability. The numbering has gaps
// (for example nothing is defined for 0x0A, 0x0B or 0x13), so validate a
// selector against this list rather than against a numeric range.
//
#define TPM_CAP_ORD                     ((TPM_CAPABILITY_AREA)0x00000001)
#define TPM_CAP_ALG                     ((TPM_CAPABILITY_AREA)0x00000002)
#define TPM_CAP_PID                     ((TPM_CAPABILITY_AREA)0x00000003)
#define TPM_CAP_FLAG                    ((TPM_CAPABILITY_AREA)0x00000004)
#define TPM_CAP_PROPERTY                ((TPM_CAPABILITY_AREA)0x00000005)
#define TPM_CAP_VERSION                 ((TPM_CAPABILITY_AREA)0x00000006)
#define TPM_CAP_KEY_HANDLE              ((TPM_CAPABILITY_AREA)0x00000007)
#define TPM_CAP_CHECK_LOADED            ((TPM_CAPABILITY_AREA)0x00000008)
#define TPM_CAP_SYM_MODE                ((TPM_CAPABILITY_AREA)0x00000009)
#define TPM_CAP_KEY_STATUS              ((TPM_CAPABILITY_AREA)0x0000000C)
#define TPM_CAP_NV_LIST                 ((TPM_CAPABILITY_AREA)0x0000000D)
#define TPM_CAP_MFR                     ((TPM_CAPABILITY_AREA)0x00000010)
#define TPM_CAP_NV_INDEX                ((TPM_CAPABILITY_AREA)0x00000011)
#define TPM_CAP_TRANS_ALG               ((TPM_CAPABILITY_AREA)0x00000012)
#define TPM_CAP_HANDLE                  ((TPM_CAPABILITY_AREA)0x00000014)
#define TPM_CAP_TRANS_ES                ((TPM_CAPABILITY_AREA)0x00000015)
#define TPM_CAP_AUTH_ENCRYPT            ((TPM_CAPABILITY_AREA)0x00000017)
#define TPM_CAP_SELECT_SIZE             ((TPM_CAPABILITY_AREA)0x00000018)
#define TPM_CAP_VERSION_VAL             ((TPM_CAPABILITY_AREA)0x0000001A)

// Sub-selectors in the 0x01xx range, used together with TPM_CAP_FLAG
// (presumably as the sub-capability - confirm against callers).
#define TPM_CAP_FLAG_PERMANENT          ((TPM_CAPABILITY_AREA)0x00000108)
#define TPM_CAP_FLAG_VOLATILE           ((TPM_CAPABILITY_AREA)0x00000109)
1757 
1758 //
1759 // Part 2, section 21.2: CAP_PROPERTY Subcap values for GetCapability
1760 //
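//
// Sub-capability values for TPM_CAP_PROPERTY.
//
// The 0x11A entry was the only one defined without the TPM_ prefix. It is
// now available as TPM_CAP_PROP_SESSION_DAA, consistent with its siblings,
// and the original CAP_PROP_SESSION_DAA spelling is kept as an alias so
// existing callers continue to build.
//
#define TPM_CAP_PROP_PCR                ((TPM_CAPABILITY_AREA) 0x00000101)
#define TPM_CAP_PROP_DIR                ((TPM_CAPABILITY_AREA) 0x00000102)
#define TPM_CAP_PROP_MANUFACTURER       ((TPM_CAPABILITY_AREA) 0x00000103)
#define TPM_CAP_PROP_KEYS               ((TPM_CAPABILITY_AREA) 0x00000104)
#define TPM_CAP_PROP_MIN_COUNTER        ((TPM_CAPABILITY_AREA) 0x00000107)
#define TPM_CAP_PROP_AUTHSESS           ((TPM_CAPABILITY_AREA) 0x0000010A)
#define TPM_CAP_PROP_TRANSESS           ((TPM_CAPABILITY_AREA) 0x0000010B)
#define TPM_CAP_PROP_COUNTERS           ((TPM_CAPABILITY_AREA) 0x0000010C)
#define TPM_CAP_PROP_MAX_AUTHSESS       ((TPM_CAPABILITY_AREA) 0x0000010D)
#define TPM_CAP_PROP_MAX_TRANSESS       ((TPM_CAPABILITY_AREA) 0x0000010E)
#define TPM_CAP_PROP_MAX_COUNTERS       ((TPM_CAPABILITY_AREA) 0x0000010F)
#define TPM_CAP_PROP_MAX_KEYS           ((TPM_CAPABILITY_AREA) 0x00000110)
#define TPM_CAP_PROP_OWNER              ((TPM_CAPABILITY_AREA) 0x00000111)
#define TPM_CAP_PROP_CONTEXT            ((TPM_CAPABILITY_AREA) 0x00000112)
#define TPM_CAP_PROP_MAX_CONTEXT        ((TPM_CAPABILITY_AREA) 0x00000113)
#define TPM_CAP_PROP_FAMILYROWS         ((TPM_CAPABILITY_AREA) 0x00000114)
#define TPM_CAP_PROP_TIS_TIMEOUT        ((TPM_CAPABILITY_AREA) 0x00000115)
#define TPM_CAP_PROP_STARTUP_EFFECT     ((TPM_CAPABILITY_AREA) 0x00000116)
#define TPM_CAP_PROP_DELEGATE_ROW       ((TPM_CAPABILITY_AREA) 0x00000117)
#define TPM_CAP_PROP_DAA_MAX            ((TPM_CAPABILITY_AREA) 0x00000119)
#define TPM_CAP_PROP_SESSION_DAA        ((TPM_CAPABILITY_AREA) 0x0000011A)
#define CAP_PROP_SESSION_DAA            TPM_CAP_PROP_SESSION_DAA
#define TPM_CAP_PROP_CONTEXT_DIST       ((TPM_CAPABILITY_AREA) 0x0000011B)
#define TPM_CAP_PROP_DAA_INTERRUPT      ((TPM_CAPABILITY_AREA) 0x0000011C)
#define TPM_CAP_PROP_SESSIONS           ((TPM_CAPABILITY_AREA) 0x0000011D)
#define TPM_CAP_PROP_MAX_SESSIONS       ((TPM_CAPABILITY_AREA) 0x0000011E)
#define TPM_CAP_PROP_CMK_RESTRICTION    ((TPM_CAPABILITY_AREA) 0x0000011F)
#define TPM_CAP_PROP_DURATION           ((TPM_CAPABILITY_AREA) 0x00000120)
#define TPM_CAP_PROP_ACTIVE_COUNTER     ((TPM_CAPABILITY_AREA) 0x00000122)
#define TPM_CAP_PROP_MAX_NV_AVAILABLE   ((TPM_CAPABILITY_AREA) 0x00000123)
#define TPM_CAP_PROP_INPUT_BUFFER       ((TPM_CAPABILITY_AREA) 0x00000124)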
1791 
1792 //
1793 // Part 2, section 21.4: TPM_CAPABILITY_AREA for SetCapability
1794 //
//
// Capability-area selectors for SetCapability. These reuse the numeric range
// 1..6 of the GetCapability selectors (TPM_CAP_ORD .. TPM_CAP_VERSION) with a
// different meaning, so keep the two sets apart by command.
//
#define TPM_SET_PERM_FLAGS              ((TPM_CAPABILITY_AREA)0x00000001)
#define TPM_SET_PERM_DATA               ((TPM_CAPABILITY_AREA)0x00000002)
#define TPM_SET_STCLEAR_FLAGS           ((TPM_CAPABILITY_AREA)0x00000003)
#define TPM_SET_STCLEAR_DATA            ((TPM_CAPABILITY_AREA)0x00000004)
#define TPM_SET_STANY_FLAGS             ((TPM_CAPABILITY_AREA)0x00000005)
#define TPM_SET_STANY_DATA              ((TPM_CAPABILITY_AREA)0x00000006)
1801 
1802 // Part 2, section 21.6: TPM_CAP_VERSION_INFO
1803 //   [size_is(vendorSpecificSize)] BYTE* vendorSpecific;
1804 //
//
// TPM_CAP_VERSION_INFO: version, spec level, errata revision and vendor id,
// followed by a vendor-specific area of vendorSpecificSize bytes.
//
// vendorSpecific is a host pointer standing in for the variable-length tail,
// so this type cannot be laid directly over a GetCapability response.
// vendorSpecificSize comes from the device: check it against the remaining
// response length before copying or reading the vendor area.
//
typedef struct tdTPM_CAP_VERSION_INFO {
  TPM_STRUCTURE_TAG        tag;
  TPM_VERSION              version;
  UINT16                   specLevel;
  UINT8                    errataRev;
  UINT8                    tpmVendorID[4];
  UINT16                   vendorSpecificSize;   // length paired with vendorSpecific
  UINT8                    *vendorSpecific;
} TPM_CAP_VERSION_INFO;
1814 
1815 //
1816 // Part 2, section 21.10: TPM_DA_ACTION_TYPE
1817 //
//
// TPM_DA_ACTION_TYPE: structure tag plus a 32-bit actions word.
// NOTE(review): actions presumably carries the TPM_DA_ACTION_* bits defined
// next to this type - confirm.
//
typedef struct tdTPM_DA_ACTION_TYPE {
  TPM_STRUCTURE_TAG        tag;
  UINT32                   actions;
} TPM_DA_ACTION_TYPE;
1822 
//
// Single-bit action flags (bits 0-3); combine with | and test with &.
//
#define TPM_DA_ACTION_FAILURE_MODE     ((UINT32)1 << 3)
#define TPM_DA_ACTION_DEACTIVATE       ((UINT32)1 << 2)
#define TPM_DA_ACTION_DISABLE          ((UINT32)1 << 1)
#define TPM_DA_ACTION_TIMEOUT          ((UINT32)1 << 0)
1827 
1828 //
1829 // Part 2, section 21.7: TPM_DA_INFO
1830 //
//
// TPM_DA_INFO: DA state, current and threshold counts, the action taken at
// the threshold, and a vendor-specific area.
//
// NOTE(review): currentCount and thresholdCount are presumably the failure
// counter and its limit, which makes them useful to monitor - confirm.
// vendorData is a host pointer (in-memory view, not a wire layout); check
// vendorDataSize against the response length before reading through it.
//
typedef struct tdTPM_DA_INFO {
  TPM_STRUCTURE_TAG        tag;
  TPM_DA_STATE             state;
  UINT16                   currentCount;
  UINT16                   thresholdCount;
  TPM_DA_ACTION_TYPE       actionAtThreshold;
  UINT32                   actionDependValue;
  UINT32                   vendorDataSize;   // length paired with vendorData
  UINT8                    *vendorData;
} TPM_DA_INFO;
1841 
1842 //
1843 // Part 2, section 21.8: TPM_DA_INFO_LIMITED
1844 //
//
// TPM_DA_INFO_LIMITED: the TPM_DA_INFO fields without the two counts and
// actionDependValue.
//
// vendorData is a host pointer (in-memory view, not a wire layout); check
// vendorDataSize against the response length before reading through it.
//
typedef struct tdTPM_DA_INFO_LIMITED {
  TPM_STRUCTURE_TAG        tag;
  TPM_DA_STATE             state;
  TPM_DA_ACTION_TYPE       actionAtThreshold;
  UINT32                   vendorDataSize;   // length paired with vendorData
  UINT8                    *vendorData;
} TPM_DA_INFO_LIMITED;
1852 
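//
// Part 2, section 21.9: TPM_DA_STATE values
// (the values of the 'state' field in TPM_DA_INFO and TPM_DA_INFO_LIMITED)
//
#define TPM_DA_STATE_INACTIVE          ((UINT8)0x00)
#define TPM_DA_STATE_ACTIVE            ((UINT8)0x01)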
1858 
1859 //
1860 // Part 2, section 22: DAA Structures
1861 //
1862 
//
// DAA parameter sizes and powers. Plain parenthesized integer constants with
// no cast, so they have type int. The header does not state the units.
//
#define TPM_DAA_SIZE_r0              (43)
#define TPM_DAA_SIZE_r1              (43)
#define TPM_DAA_SIZE_r2              (128)
#define TPM_DAA_SIZE_r3              (168)
#define TPM_DAA_SIZE_r4              (219)
#define TPM_DAA_SIZE_NT              (20)
#define TPM_DAA_SIZE_v0              (128)
#define TPM_DAA_SIZE_v1              (192)
#define TPM_DAA_SIZE_NE              (256)
#define TPM_DAA_SIZE_w               (256)
#define TPM_DAA_SIZE_issuerModulus   (256)
#define TPM_DAA_power0               (104)
#define TPM_DAA_power1               (1024)
1876 
//
// TPM_DAA_ISSUER: six digests over issuer parameters plus a 26-byte
// DAA_generic_q value. Fixed size; no pointer members.
//
typedef struct tdTPM_DAA_ISSUER {
  TPM_STRUCTURE_TAG        tag;
  TPM_DIGEST               DAA_digest_R0;
  TPM_DIGEST               DAA_digest_R1;
  TPM_DIGEST               DAA_digest_S0;
  TPM_DIGEST               DAA_digest_S1;
  TPM_DIGEST               DAA_digest_n;
  TPM_DIGEST               DAA_digest_gamma;
  UINT8                    DAA_generic_q[26];
} TPM_DAA_ISSUER;
1888 
1889 
//
// TPM_DAA_TPM: four digests and a 32-bit DAA_count. Fixed size; no pointer
// members.
//
typedef struct tdTPM_DAA_TPM {
  TPM_STRUCTURE_TAG        tag;
  TPM_DIGEST               DAA_digestIssuer;
  TPM_DIGEST               DAA_digest_v0;
  TPM_DIGEST               DAA_digest_v1;
  TPM_DIGEST               DAA_rekey;
  UINT32                   DAA_count;
} TPM_DAA_TPM;
1899 
//
// TPM_DAA_CONTEXT: two digests, a context seed, a 256-byte scratch area and a
// one-byte stage indicator. Fixed size; no pointer members.
// NOTE(review): DAA_contextSeed and DAA_scratch presumably hold session
// material; treat buffers of this type as sensitive - confirm.
//
typedef struct tdTPM_DAA_CONTEXT {
  TPM_STRUCTURE_TAG        tag;
  TPM_DIGEST               DAA_digestContext;
  TPM_DIGEST               DAA_digest;
  TPM_DAA_CONTEXT_SEED     DAA_contextSeed;
  UINT8                    DAA_scratch[256];
  UINT8                    DAA_stage;
} TPM_DAA_CONTEXT;
1909 
//
// TPM_DAA_JOINDATA: two fixed-size byte arrays (128 and 138 bytes) and one
// digest. Unlike most structures in this header it has no tag field.
//
typedef struct tdTPM_DAA_JOINDATA {
  UINT8                    DAA_join_u0[128];
  UINT8                    DAA_join_u1[138];
  TPM_DIGEST               DAA_digest_n0;
} TPM_DAA_JOINDATA;
1916 
//
// TPM_DAA_BLOB: resource type, 16-byte label, integrity digest and two
// variable-length areas.
//
// NOTE(review): additionalData and sensitiveData are host pointers, so this is
// an in-memory view and presumably not the serialized layout; bounds-check
// additionalSize and sensitiveSize against the source buffer before use.
//
typedef struct tdTPM_DAA_BLOB {
  TPM_STRUCTURE_TAG        tag;
  TPM_RESOURCE_TYPE        resourceType;
  UINT8                    label[16];
  TPM_DIGEST               blobIntegrity;
  UINT32                   additionalSize;   // length paired with additionalData
  UINT8                    *additionalData;
  UINT32                   sensitiveSize;    // length paired with sensitiveData
  UINT8                    *sensitiveData;
} TPM_DAA_BLOB;
1928 
//
// TPM_DAA_SENSITIVE: structure tag plus a variable-length internal area.
// internalData is a host pointer (in-memory view, not a wire layout);
// validate internalSize against the containing buffer before reading it.
//
typedef struct tdTPM_DAA_SENSITIVE {
  TPM_STRUCTURE_TAG        tag;
  UINT32                   internalSize;     // length paired with internalData
  UINT8                    *internalData;
} TPM_DAA_SENSITIVE;
1935 
1936 
1937 //
1938 // Part 2, section 23: Redirection
1939 //
1940 
1941 // This section of the TPM spec defines exactly one value but does not
1942 // give it a name. The definition of TPM_SetRedirection in Part3
1943 // refers to exactly one name but does not give its value. We join
1944 // them here.
// Unlike most constants in this header the value carries no cast, so it has
// type int rather than UINT32.
#define TPM_REDIR_GPIO   (0x00000001)
1946 
1947 //
1948 // TPM Command & Response Headers
1949 //
//
// TPM_RQU_COMMAND_HDR: request header - 16-bit tag, 32-bit paramSize and the
// 32-bit command ordinal.
//
// NOTE(review): the #pragma pack (1) at the top of this header is skipped
// when __GNUC__ is defined. Unless that build packs structures another way,
// two bytes of padding follow tag and this type no longer matches the
// 10-byte header - confirm before casting a command buffer to it.
// NOTE(review): the TCG interface carries multi-byte fields big-endian and
// nothing in this header swaps them; confirm where callers convert.
//
typedef struct tdTPM_RQU_COMMAND_HDR {
  TPM_STRUCTURE_TAG        tag;
  UINT32                   paramSize;
  TPM_COMMAND_CODE         ordinal;
} TPM_RQU_COMMAND_HDR;
1955 
//
// TPM_RSP_COMMAND_HDR: response header - 16-bit tag, 32-bit paramSize and the
// TPM_RESULT return code.
//
// paramSize is supplied by the device. Before parsing the rest of a
// response, check that it is at least the header size and no larger than
// the number of bytes actually received.
// NOTE(review): the #pragma pack (1) at the top of this header is skipped
// when __GNUC__ is defined, so on such builds padding after tag may make this
// type differ from the wire header - confirm before overlaying it on a
// response buffer. Fields are big-endian on the TCG interface.
//
typedef struct tdTPM_RSP_COMMAND_HDR {
  TPM_STRUCTURE_TAG        tag;
  UINT32                   paramSize;
  TPM_RESULT               returnCode;
} TPM_RSP_COMMAND_HDR;
1961 
//
// Restore the packing that was in effect before this header.
// NOTE(review): like the matching push at the top of the file, this is
// compiled only when __GNUC__ is not defined, so GCC-family compilers see the
// structures above with natural alignment unless the build packs them some
// other way - confirm for any structure used as a wire overlay.
//
#if !defined (__GNUC__)
#pragma pack (pop)
#endif
1965 
1966 #endif  // _TPM12_H_
1967