1 /* Microsoft Reference Implementation for TPM 2.0 2 * 3 * The copyright in this software is being made available under the BSD License, 4 * included below. This software may be subject to other third party and 5 * contributor rights, including patent rights, and no such rights are granted 6 * under this license. 7 * 8 * Copyright (c) Microsoft Corporation 9 * 10 * All rights reserved. 11 * 12 * BSD License 13 * 14 * Redistribution and use in source and binary forms, with or without modification, 15 * are permitted provided that the following conditions are met: 16 * 17 * Redistributions of source code must retain the above copyright notice, this list 18 * of conditions and the following disclaimer. 19 * 20 * Redistributions in binary form must reproduce the above copyright notice, this 21 * list of conditions and the following disclaimer in the documentation and/or 22 * other materials provided with the distribution. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" 25 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 27 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 28 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 29 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 30 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 31 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 //** Description 37 38 // This file contains internal global type definitions and data declarations that 39 // are need between subsystems. The instantiation of global data is in Global.c. 40 // The initialization of global data is in the subsystem that is the primary owner 41 // of the data. 42 // 43 // The first part of this file has the 'typedefs' for structures and other defines 44 // used in many portions of the code. After the 'typedef' section, is a section that 45 // defines global values that are only present in RAM. The next three sections 46 // define the structures for the NV data areas: persistent, orderly, and state 47 // save. Additional sections define the data that is used in specific modules. That 48 // data is private to the module but is collected here to simplify the management 49 // of the instance data. 50 // 51 // All the data is instanced in Global.c. 52 #if !defined _TPM_H_ 53 #error "Should only be instanced in TPM.h" 54 #endif 55 56 57 //** Includes 58 59 #ifndef GLOBAL_H 60 #define GLOBAL_H 61 62 _REDUCE_WARNING_LEVEL_(2) 63 #include <string.h> 64 #include <stddef.h> 65 _NORMAL_WARNING_LEVEL_ 66 67 #include "Capabilities.h" 68 #include "TpmTypes.h" 69 #include "CommandAttributes.h" 70 #include "CryptTest.h" 71 #include "BnValues.h" 72 #include "CryptHash.h" 73 #include "CryptSym.h" 74 #include "CryptRand.h" 75 #include "CryptEcc.h" 76 #include "CryptRsa.h" 77 #include "CryptTest.h" 78 #include "TpmError.h" 79 #include "NV.h" 80 #include "ACT.h" 81 82 //** Defines and Types 83 84 //*** Size Types 85 // These types are used to differentiate the two different size values used. 86 // 87 // NUMBYTES is used when a size is a number of bytes (usually a TPM2B) 88 typedef UINT16 NUMBYTES; 89 90 //*** Other Types 91 // An AUTH_VALUE is a BYTE array containing a digest (TPMU_HA) 92 typedef BYTE AUTH_VALUE[sizeof(TPMU_HA)]; 93 94 // A TIME_INFO is a BYTE array that can contain a TPMS_TIME_INFO 95 typedef BYTE TIME_INFO[sizeof(TPMS_TIME_INFO)]; 96 97 // A NAME is a BYTE array that can contain a TPMU_NAME 98 typedef BYTE NAME[sizeof(TPMU_NAME)]; 99 100 // Definition for a PROOF value 101 TPM2B_TYPE(PROOF, PROOF_SIZE); 102 103 // Definition for a Primary Seed value 104 TPM2B_TYPE(SEED, PRIMARY_SEED_SIZE); 105 106 107 // A CLOCK_NONCE is used to tag the time value in the authorization session and 108 // in the ticket computation so that the ticket expires when there is a time 109 // discontinuity. When the clock stops during normal operation, the nonce is 110 // 64-bit value kept in RAM but it is a 32-bit counter when the clock only stops 111 // during power events. 112 #if CLOCK_STOPS 113 typedef UINT64 CLOCK_NONCE; 114 #else 115 typedef UINT32 CLOCK_NONCE; 116 #endif 117 118 //** Loaded Object Structures 119 //*** Description 120 // The structures in this section define the object layout as it exists in TPM 121 // memory. 122 // 123 // Two types of objects are defined: an ordinary object such as a key, and a 124 // sequence object that may be a hash, HMAC, or event. 125 // 126 //*** OBJECT_ATTRIBUTES 127 // An OBJECT_ATTRIBUTES structure contains the variable attributes of an object. 128 // These properties are not part of the public properties but are used by the 129 // TPM in managing the object. An OBJECT_ATTRIBUTES is used in the definition of 130 // the OBJECT data type. 131 132 typedef struct 133 { 134 unsigned publicOnly : 1; //0) SET if only the public portion of 135 // an object is loaded 136 unsigned epsHierarchy : 1; //1) SET if the object belongs to EPS 137 // Hierarchy 138 unsigned ppsHierarchy : 1; //2) SET if the object belongs to PPS 139 // Hierarchy 140 unsigned spsHierarchy : 1; //3) SET f the object belongs to SPS 141 // Hierarchy 142 unsigned evict : 1; //4) SET if the object is a platform or 143 // owner evict object. Platform- 144 // evict object belongs to PPS 145 // hierarchy, owner-evict object 146 // belongs to SPS or EPS hierarchy. 147 // This bit is also used to mark a 148 // completed sequence object so it 149 // will be flush when the 150 // SequenceComplete command succeeds. 151 unsigned primary : 1; //5) SET for a primary object 152 unsigned temporary : 1; //6) SET for a temporary object 153 unsigned stClear : 1; //7) SET for an stClear object 154 unsigned hmacSeq : 1; //8) SET for an HMAC or MAC sequence 155 // object 156 unsigned hashSeq : 1; //9) SET for a hash sequence object 157 unsigned eventSeq : 1; //10) SET for an event sequence object 158 unsigned ticketSafe : 1; //11) SET if a ticket is safe to create 159 // for hash sequence object 160 unsigned firstBlock : 1; //12) SET if the first block of hash 161 // data has been received. It 162 // works with ticketSafe bit 163 unsigned isParent : 1; //13) SET if the key has the proper 164 // attributes to be a parent key 165 // unsigned privateExp : 1; //14) SET when the private exponent 166 // // of an RSA key has been validated. 167 unsigned not_used_14 : 1; 168 unsigned occupied : 1; //15) SET when the slot is occupied. 169 unsigned derivation : 1; //16) SET when the key is a derivation 170 // parent 171 unsigned external : 1; //17) SET when the object is loaded with 172 // TPM2_LoadExternal(); 173 } OBJECT_ATTRIBUTES; 174 175 #if ALG_RSA 176 // There is an overload of the sensitive.rsa.t.size field of a TPMT_SENSITIVE when an 177 // RSA key is loaded. When the sensitive->sensitive contains an RSA key with all of 178 // the CRT values, then the MSB of the size field will be set to indicate that the 179 // buffer contains all 5 of the CRT private key values. 180 #define RSA_prime_flag 0x8000 181 #endif 182 183 184 //*** OBJECT Structure 185 // An OBJECT structure holds the object public, sensitive, and meta-data 186 // associated. This structure is implementation dependent. For this 187 // implementation, the structure is not optimized for space but rather 188 // for clarity of the reference implementation. Other implementations 189 // may choose to overlap portions of the structure that are not used 190 // simultaneously. These changes would necessitate changes to the source 191 // code but those changes would be compatible with the reference 192 // implementation. 193 194 typedef struct OBJECT 195 { 196 // The attributes field is required to be first followed by the publicArea. 197 // This allows the overlay of the object structure and a sequence structure 198 OBJECT_ATTRIBUTES attributes; // object attributes 199 TPMT_PUBLIC publicArea; // public area of an object 200 TPMT_SENSITIVE sensitive; // sensitive area of an object 201 TPM2B_NAME qualifiedName; // object qualified name 202 TPMI_DH_OBJECT evictHandle; // if the object is an evict object, 203 // the original handle is kept here. 204 // The 'working' handle will be the 205 // handle of an object slot. 206 TPM2B_NAME name; // Name of the object name. Kept here 207 // to avoid repeatedly computing it. 208 } OBJECT; 209 210 //*** HASH_OBJECT Structure 211 // This structure holds a hash sequence object or an event sequence object. 212 // 213 // The first four components of this structure are manually set to be the same as 214 // the first four components of the object structure. This prevents the object 215 // from being inadvertently misused as sequence objects occupy the same memory as 216 // a regular object. A debug check is present to make sure that the offsets are 217 // what they are supposed to be. 218 // NOTE: In a future version, this will probably be renamed as SEQUENCE_OBJECT 219 typedef struct HASH_OBJECT 220 { 221 OBJECT_ATTRIBUTES attributes; // The attributes of the HASH object 222 TPMI_ALG_PUBLIC type; // algorithm 223 TPMI_ALG_HASH nameAlg; // name algorithm 224 TPMA_OBJECT objectAttributes; // object attributes 225 226 // The data below is unique to a sequence object 227 TPM2B_AUTH auth; // authorization for use of sequence 228 union 229 { 230 HASH_STATE hashState[HASH_COUNT]; 231 HMAC_STATE hmacState; 232 } state; 233 } HASH_OBJECT; 234 235 typedef BYTE HASH_OBJECT_BUFFER[sizeof(HASH_OBJECT)]; 236 237 //*** ANY_OBJECT 238 // This is the union for holding either a sequence object or a regular object 239 // for ContextSave and ContextLoad. 240 typedef union ANY_OBJECT 241 { 242 OBJECT entity; 243 HASH_OBJECT hash; 244 } ANY_OBJECT; 245 246 typedef BYTE ANY_OBJECT_BUFFER[sizeof(ANY_OBJECT)]; 247 248 //**AUTH_DUP Types 249 // These values are used in the authorization processing. 250 251 typedef UINT32 AUTH_ROLE; 252 #define AUTH_NONE ((AUTH_ROLE)(0)) 253 #define AUTH_USER ((AUTH_ROLE)(1)) 254 #define AUTH_ADMIN ((AUTH_ROLE)(2)) 255 #define AUTH_DUP ((AUTH_ROLE)(3)) 256 257 //** Active Session Context 258 //*** Description 259 // The structures in this section define the internal structure of a session 260 // context. 261 // 262 //*** SESSION_ATTRIBUTES 263 // The attributes in the SESSION_ATTRIBUTES structure track the various properties 264 // of the session. It maintains most of the tracking state information for the 265 // policy session. It is used within the SESSION structure. 266 267 typedef struct SESSION_ATTRIBUTES 268 { 269 unsigned isPolicy : 1; //1) SET if the session may only be used 270 // for policy 271 unsigned isAudit : 1; //2) SET if the session is used for audit 272 unsigned isBound : 1; //3) SET if the session is bound to with an 273 // entity. This attribute will be CLEAR 274 // if either isPolicy or isAudit is SET. 275 unsigned isCpHashDefined : 1; //4) SET if the cpHash has been defined 276 // This attribute is not SET unless 277 // 'isPolicy' is SET. 278 unsigned isAuthValueNeeded : 1; //5) SET if the authValue is required for 279 // computing the session HMAC. This 280 // attribute is not SET unless 'isPolicy' 281 // is SET. 282 unsigned isPasswordNeeded : 1; //6) SET if a password authValue is required 283 // for authorization This attribute is not 284 // SET unless 'isPolicy' is SET. 285 unsigned isPPRequired : 1; //7) SET if physical presence is required to 286 // be asserted when the authorization is 287 // checked. This attribute is not SET 288 // unless 'isPolicy' is SET. 289 unsigned isTrialPolicy : 1; //8) SET if the policy session is created 290 // for trial of the policy's policyHash 291 // generation. This attribute is not SET 292 // unless 'isPolicy' is SET. 293 unsigned isDaBound : 1; //9) SET if the bind entity had noDA CLEAR. 294 // If this is SET, then an authorization 295 // failure using this session will count 296 // against lockout even if the object 297 // being authorized is exempt from DA. 298 unsigned isLockoutBound : 1; //10) SET if the session is bound to 299 // lockoutAuth. 300 unsigned includeAuth : 1; //11) This attribute is SET when the 301 // authValue of an object is to be 302 // included in the computation of the 303 // HMAC key for the command and response 304 // computations. (was 'requestWasBound') 305 unsigned checkNvWritten : 1; //12) SET if the TPMA_NV_WRITTEN attribute 306 // needs to be checked when the policy is 307 // used for authorization for NV access. 308 // If this is SET for any other type, the 309 // policy will fail. 310 unsigned nvWrittenState : 1; //13) SET if TPMA_NV_WRITTEN is required to 311 // be SET. Used when 'checkNvWritten' is 312 // SET 313 unsigned isTemplateSet : 1; //14) SET if the templateHash needs to be 314 // checked for Create, CreatePrimary, or 315 // CreateLoaded. 316 } SESSION_ATTRIBUTES; 317 318 //*** SESSION Structure 319 // The SESSION structure contains all the context of a session except for the 320 // associated contextID. 321 // 322 // Note: The contextID of a session is only relevant when the session context 323 // is stored off the TPM. 324 325 typedef struct SESSION 326 { 327 SESSION_ATTRIBUTES attributes; // session attributes 328 UINT32 pcrCounter; // PCR counter value when PCR is 329 // included (policy session) 330 // If no PCR is included, this 331 // value is 0. 332 UINT64 startTime; // The value in g_time when the session 333 // was started (policy session) 334 UINT64 timeout; // The timeout relative to g_time 335 // There is no timeout if this value 336 // is 0. 337 CLOCK_NONCE epoch; // The g_clockEpoch value when the 338 // session was started. If g_clockEpoch 339 // does not match this value when the 340 // timeout is used, then 341 // then the command will fail. 342 TPM_CC commandCode; // command code (policy session) 343 TPM_ALG_ID authHashAlg; // session hash algorithm 344 TPMA_LOCALITY commandLocality; // command locality (policy session) 345 TPMT_SYM_DEF symmetric; // session symmetric algorithm (if any) 346 TPM2B_AUTH sessionKey; // session secret value used for 347 // this session 348 TPM2B_NONCE nonceTPM; // last TPM-generated nonce for 349 // generating HMAC and encryption keys 350 union 351 { 352 TPM2B_NAME boundEntity; // value used to track the entity to 353 // which the session is bound 354 355 TPM2B_DIGEST cpHash; // the required cpHash value for the 356 // command being authorized 357 TPM2B_DIGEST nameHash; // the required nameHash 358 TPM2B_DIGEST templateHash; // the required template for creation 359 } u1; 360 361 union 362 { 363 TPM2B_DIGEST auditDigest; // audit session digest 364 TPM2B_DIGEST policyDigest; // policyHash 365 } u2; // audit log and policyHash may 366 // share space to save memory 367 } SESSION; 368 369 #define EXPIRES_ON_RESET INT32_MIN 370 #define TIMEOUT_ON_RESET UINT64_MAX 371 #define EXPIRES_ON_RESTART (INT32_MIN + 1) 372 #define TIMEOUT_ON_RESTART (UINT64_MAX - 1) 373 374 typedef BYTE SESSION_BUF[sizeof(SESSION)]; 375 376 //********************************************************************************* 377 //** PCR 378 //********************************************************************************* 379 //***PCR_SAVE Structure 380 // The PCR_SAVE structure type contains the PCR data that are saved across power 381 // cycles. Only the static PCR are required to be saved across power cycles. The 382 // DRTM and resettable PCR are not saved. The number of static and resettable PCR 383 // is determined by the platform-specific specification to which the TPM is built. 384 385 #define PCR_SAVE_SPACE(HASH, Hash) BYTE Hash[NUM_STATIC_PCR][HASH##_DIGEST_SIZE]; 386 387 typedef struct PCR_SAVE 388 { 389 FOR_EACH_HASH(PCR_SAVE_SPACE) 390 391 // This counter increments whenever the PCR are updated. 392 // NOTE: A platform-specific specification may designate 393 // certain PCR changes as not causing this counter 394 // to increment. 395 UINT32 pcrCounter; 396 } PCR_SAVE; 397 398 //***PCR_POLICY 399 #if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0 400 // This structure holds the PCR policies, one for each group of PCR controlled 401 // by policy. 402 typedef struct PCR_POLICY 403 { 404 TPMI_ALG_HASH hashAlg[NUM_POLICY_PCR_GROUP]; 405 TPM2B_DIGEST a; 406 TPM2B_DIGEST policy[NUM_POLICY_PCR_GROUP]; 407 } PCR_POLICY; 408 #endif 409 410 //***PCR_AUTHVALUE 411 // This structure holds the PCR policies, one for each group of PCR controlled 412 // by policy. 413 typedef struct PCR_AUTH_VALUE 414 { 415 TPM2B_DIGEST auth[NUM_AUTHVALUE_PCR_GROUP]; 416 } PCR_AUTHVALUE; 417 418 419 420 //**STARTUP_TYPE 421 // This enumeration is the possible startup types. The type is determined 422 // by the combination of TPM2_ShutDown and TPM2_Startup. 423 typedef enum 424 { 425 SU_RESET, 426 SU_RESTART, 427 SU_RESUME 428 } STARTUP_TYPE; 429 430 //**NV 431 432 //***NV_INDEX 433 // The NV_INDEX structure defines the internal format for an NV index. 434 // The 'indexData' size varies according to the type of the index. 435 // In this implementation, all of the index is manipulated as a unit. 436 typedef struct NV_INDEX 437 { 438 TPMS_NV_PUBLIC publicArea; 439 TPM2B_AUTH authValue; 440 } NV_INDEX; 441 442 //*** NV_REF 443 // An NV_REF is an opaque value returned by the NV subsystem. It is used to 444 // reference and NV Index in a relatively efficient way. Rather than having to 445 // continually search for an Index, its reference value may be used. In this 446 // implementation, an NV_REF is a byte pointer that points to the copy of the 447 // NV memory that is kept in RAM. 448 typedef UINT32 NV_REF; 449 450 typedef BYTE *NV_RAM_REF; 451 //***NV_PIN 452 // This structure deals with the possible endianess differences between the 453 // canonical form of the TPMS_NV_PIN_COUNTER_PARAMETERS structure and the internal 454 // value. The structures allow the data in a PIN index to be read as an 8-octet 455 // value using NvReadUINT64Data(). That function will byte swap all the values on a 456 // little endian system. This will put the bytes with the 4-octet values in the 457 // correct order but will swap the pinLimit and pinCount values. When written, the 458 // PIN index is simply handled as a normal index with the octets in canonical order. 459 #if BIG_ENDIAN_TPM 460 typedef struct 461 { 462 UINT32 pinCount; 463 UINT32 pinLimit; 464 } PIN_DATA; 465 #else 466 typedef struct 467 { 468 UINT32 pinLimit; 469 UINT32 pinCount; 470 } PIN_DATA; 471 #endif 472 473 typedef union 474 { 475 UINT64 intVal; 476 PIN_DATA pin; 477 } NV_PIN; 478 479 //**COMMIT_INDEX_MASK 480 // This is the define for the mask value that is used when manipulating 481 // the bits in the commit bit array. The commit counter is a 64-bit 482 // value and the low order bits are used to index the commitArray. 483 // This mask value is applied to the commit counter to extract the 484 // bit number in the array. 485 #if ALG_ECC 486 487 #define COMMIT_INDEX_MASK ((UINT16)((sizeof(gr.commitArray)*8)-1)) 488 489 #endif 490 491 //***************************************************************************** 492 //***************************************************************************** 493 //** RAM Global Values 494 //***************************************************************************** 495 //***************************************************************************** 496 //*** Description 497 // The values in this section are only extant in RAM or ROM as constant values. 498 499 //*** Crypto Self-Test Values 500 EXTERN ALGORITHM_VECTOR g_implementedAlgorithms; 501 EXTERN ALGORITHM_VECTOR g_toTest; 502 503 //*** g_rcIndex[] 504 // This array is used to contain the array of values that are added to a return 505 // code when it is a parameter-, handle-, or session-related error. 506 // This is an implementation choice and the same result can be achieved by using 507 // a macro. 508 #define g_rcIndexInitializer { TPM_RC_1, TPM_RC_2, TPM_RC_3, TPM_RC_4, \ 509 TPM_RC_5, TPM_RC_6, TPM_RC_7, TPM_RC_8, \ 510 TPM_RC_9, TPM_RC_A, TPM_RC_B, TPM_RC_C, \ 511 TPM_RC_D, TPM_RC_E, TPM_RC_F } 512 EXTERN const UINT16 g_rcIndex[15] INITIALIZER(g_rcIndexInitializer); 513 514 //*** g_exclusiveAuditSession 515 // This location holds the session handle for the current exclusive audit 516 // session. If there is no exclusive audit session, the location is set to 517 // TPM_RH_UNASSIGNED. 518 EXTERN TPM_HANDLE g_exclusiveAuditSession; 519 520 //*** g_time 521 // This is the value in which we keep the current command time. This is initialized 522 // at the start of each command. The time is the accumulated time since the last 523 // time that the TPM's timer was last powered up. Clock is the accumulated time 524 // since the last time that the TPM was cleared. g_time is in mS. 525 EXTERN UINT64 g_time; 526 527 //*** g_timeEpoch 528 // This value contains the current clock Epoch. It changes when there is a clock 529 // discontinuity. It may be necessary to place this in NV should the timer be able 530 // to run across a power down of the TPM but not in all cases (e.g. dead battery). 531 // If the nonce is placed in NV, it should go in gp because it should be changing 532 // slowly. 533 #if CLOCK_STOPS 534 EXTERN CLOCK_NONCE g_timeEpoch; 535 #else 536 #define g_timeEpoch gp.timeEpoch 537 #endif 538 539 //*** g_phEnable 540 // This is the platform hierarchy control and determines if the platform hierarchy 541 // is available. This value is SET on each TPM2_Startup(). The default value is 542 // SET. 543 EXTERN BOOL g_phEnable; 544 545 //*** g_pcrReConfig 546 // This value is SET if a TPM2_PCR_Allocate command successfully executed since 547 // the last TPM2_Startup(). If so, then the next shutdown is required to be 548 // Shutdown(CLEAR). 549 EXTERN BOOL g_pcrReConfig; 550 551 //*** g_DRTMHandle 552 // This location indicates the sequence object handle that holds the DRTM 553 // sequence data. When not used, it is set to TPM_RH_UNASSIGNED. A sequence 554 // DRTM sequence is started on either _TPM_Init or _TPM_Hash_Start. 555 EXTERN TPMI_DH_OBJECT g_DRTMHandle; 556 557 //*** g_DrtmPreStartup 558 // This value indicates that an H-CRTM occurred after _TPM_Init but before 559 // TPM2_Startup(). The define for PRE_STARTUP_FLAG is used to add the 560 // g_DrtmPreStartup value to gp_orderlyState at shutdown. This hack is to avoid 561 // adding another NV variable. 562 EXTERN BOOL g_DrtmPreStartup; 563 564 //*** g_StartupLocality3 565 // This value indicates that a TPM2_Startup() occurred at locality 3. Otherwise, it 566 // at locality 0. The define for STARTUP_LOCALITY_3 is to 567 // indicate that the startup was not at locality 0. This hack is to avoid 568 // adding another NV variable. 569 EXTERN BOOL g_StartupLocality3; 570 571 //***TPM_SU_NONE 572 // Part 2 defines the two shutdown/startup types that may be used in 573 // TPM2_Shutdown() and TPM2_Starup(). This additional define is 574 // used by the TPM to indicate that no shutdown was received. 575 // NOTE: This is a reserved value. 576 #define SU_NONE_VALUE (0xFFFF) 577 #define TPM_SU_NONE (TPM_SU)(SU_NONE_VALUE) 578 579 //*** TPM_SU_DA_USED 580 // As with TPM_SU_NONE, this value is added to allow indication that the shutdown 581 // was not orderly and that a DA=protected object was reference during the previous 582 // cycle. 583 #define SU_DA_USED_VALUE (SU_NONE_VALUE - 1) 584 #define TPM_SU_DA_USED (TPM_SU)(SU_DA_USED_VALUE) 585 586 587 588 //*** Startup Flags 589 // These flags are included in gp.orderlyState. These are hacks and are being 590 // used to avoid having to change the layout of gp. The PRE_STARTUP_FLAG indicates 591 // that a _TPM_Hash_Start/_Data/_End sequence was received after _TPM_Init but 592 // before TPM2_StartUp(). STARTUP_LOCALITY_3 indicates that the last TPM2_Startup() 593 // was received at locality 3. These flags are only relevant if after a 594 // TPM2_Shutdown(STATE). 595 #define PRE_STARTUP_FLAG 0x8000 596 #define STARTUP_LOCALITY_3 0x4000 597 598 #if USE_DA_USED 599 //*** g_daUsed 600 // This location indicates if a DA-protected value is accessed during a boot 601 // cycle. If none has, then there is no need to increment 'failedTries' on the 602 // next non-orderly startup. This bit is merged with gp.orderlyState when 603 // gp.orderly is set to SU_NONE_VALUE 604 EXTERN BOOL g_daUsed; 605 #endif 606 607 //*** g_updateNV 608 // This flag indicates if NV should be updated at the end of a command. 609 // This flag is set to UT_NONE at the beginning of each command in ExecuteCommand(). 610 // This flag is checked in ExecuteCommand() after the detailed actions of a command 611 // complete. If the command execution was successful and this flag is not UT_NONE, 612 // any pending NV writes will be committed to NV. 613 // UT_ORDERLY causes any RAM data to be written to the orderly space for staging 614 // the write to NV. 615 typedef BYTE UPDATE_TYPE; 616 #define UT_NONE (UPDATE_TYPE)0 617 #define UT_NV (UPDATE_TYPE)1 618 #define UT_ORDERLY (UPDATE_TYPE)(UT_NV + 2) 619 EXTERN UPDATE_TYPE g_updateNV; 620 621 //*** g_powerWasLost 622 // This flag is used to indicate if the power was lost. It is SET in _TPM__Init. 623 // This flag is cleared by TPM2_Startup() after all power-lost activities are 624 // completed. 625 // Note: When power is applied, this value can come up as anything. However, 626 // _plat__WasPowerLost() will provide the proper indication in that case. So, when 627 // power is actually lost, we get the correct answer. When power was not lost, but 628 // the power-lost processing has not been completed before the next _TPM_Init(), 629 // then the TPM still does the correct thing. 630 EXTERN BOOL g_powerWasLost; 631 632 //*** g_clearOrderly 633 // This flag indicates if the execution of a command should cause the orderly 634 // state to be cleared. This flag is set to FALSE at the beginning of each 635 // command in ExecuteCommand() and is checked in ExecuteCommand() after the 636 // detailed actions of a command complete but before the check of 637 // 'g_updateNV'. If this flag is TRUE, and the orderly state is not 638 // SU_NONE_VALUE, then the orderly state in NV memory will be changed to 639 // SU_NONE_VALUE or SU_DA_USED_VALUE. 640 EXTERN BOOL g_clearOrderly; 641 642 //*** g_prevOrderlyState 643 // This location indicates how the TPM was shut down before the most recent 644 // TPM2_Startup(). This value, along with the startup type, determines if 645 // the TPM should do a TPM Reset, TPM Restart, or TPM Resume. 646 EXTERN TPM_SU g_prevOrderlyState; 647 648 //*** g_nvOk 649 // This value indicates if the NV integrity check was successful or not. If not and 650 // the failure was severe, then the TPM would have been put into failure mode after 651 // it had been re-manufactured. If the NV failure was in the area where the state-save 652 // data is kept, then this variable will have a value of FALSE indicating that 653 // a TPM2_Startup(CLEAR) is required. 654 EXTERN BOOL g_nvOk; 655 // NV availability is sampled as the start of each command and stored here 656 // so that its value remains consistent during the command execution 657 EXTERN TPM_RC g_NvStatus; 658 659 //*** g_platformUnique 660 // This location contains the unique value(s) used to identify the TPM. It is 661 // loaded on every _TPM2_Startup() 662 // The first value is used to seed the RNG. The second value is used as a vendor 663 // authValue. The value used by the RNG would be the value derived from the 664 // chip unique value (such as fused) with a dependency on the authorities of the 665 // code in the TPM boot path. The second would be derived from the chip unique value 666 // with a dependency on the details of the code in the boot path. That is, the 667 // first value depends on the various signers of the code and the second depends on 668 // what was signed. The TPM vendor should not be able to know the first value but 669 // they are expected to know the second. 670 EXTERN TPM2B_AUTH g_platformUniqueAuthorities; // Reserved for RNG 671 672 EXTERN TPM2B_AUTH g_platformUniqueDetails; // referenced by VENDOR_PERMANENT 673 674 //********************************************************************************* 675 //********************************************************************************* 676 //** Persistent Global Values 677 //********************************************************************************* 678 //********************************************************************************* 679 //*** Description 680 // The values in this section are global values that are persistent across power 681 // events. The lifetime of the values determines the structure in which the value 682 // is placed. 683 684 //********************************************************************************* 685 //*** PERSISTENT_DATA 686 //********************************************************************************* 687 // This structure holds the persistent values that only change as a consequence 688 // of a specific Protected Capability and are not affected by TPM power events 689 // (TPM2_Startup() or TPM2_Shutdown(). 690 typedef struct 691 { 692 //********************************************************************************* 693 // Hierarchy 694 //********************************************************************************* 695 // The values in this section are related to the hierarchies. 696 697 BOOL disableClear; // TRUE if TPM2_Clear() using 698 // lockoutAuth is disabled 699 700 // Hierarchy authPolicies 701 TPMI_ALG_HASH ownerAlg; 702 TPMI_ALG_HASH endorsementAlg; 703 TPMI_ALG_HASH lockoutAlg; 704 TPM2B_DIGEST ownerPolicy; 705 TPM2B_DIGEST endorsementPolicy; 706 TPM2B_DIGEST lockoutPolicy; 707 708 // Hierarchy authValues 709 TPM2B_AUTH ownerAuth; 710 TPM2B_AUTH endorsementAuth; 711 TPM2B_AUTH lockoutAuth; 712 713 // Primary Seeds 714 TPM2B_SEED EPSeed; 715 TPM2B_SEED SPSeed; 716 TPM2B_SEED PPSeed; 717 // Note there is a nullSeed in the state_reset memory. 718 719 // Hierarchy proofs 720 TPM2B_PROOF phProof; 721 TPM2B_PROOF shProof; 722 TPM2B_PROOF ehProof; 723 // Note there is a nullProof in the state_reset memory. 724 725 //********************************************************************************* 726 // Reset Events 727 //********************************************************************************* 728 // A count that increments at each TPM reset and never get reset during the life 729 // time of TPM. The value of this counter is initialized to 1 during TPM 730 // manufacture process. It is used to invalidate all saved contexts after a TPM 731 // Reset. 732 UINT64 totalResetCount; 733 734 // This counter increments on each TPM Reset. The counter is reset by 735 // TPM2_Clear(). 736 UINT32 resetCount; 737 738 //********************************************************************************* 739 // PCR 740 //********************************************************************************* 741 // This structure hold the policies for those PCR that have an update policy. 742 // This implementation only supports a single group of PCR controlled by 743 // policy. If more are required, then this structure would be changed to 744 // an array. 745 #if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0 746 PCR_POLICY pcrPolicies; 747 #endif 748 749 // This structure indicates the allocation of PCR. The structure contains a 750 // list of PCR allocations for each implemented algorithm. If no PCR are 751 // allocated for an algorithm, a list entry still exists but the bit map 752 // will contain no SET bits. 753 TPML_PCR_SELECTION pcrAllocated; 754 755 //********************************************************************************* 756 // Physical Presence 757 //********************************************************************************* 758 // The PP_LIST type contains a bit map of the commands that require physical 759 // to be asserted when the authorization is evaluated. Physical presence will be 760 // checked if the corresponding bit in the array is SET and if the authorization 761 // handle is TPM_RH_PLATFORM. 762 // 763 // These bits may be changed with TPM2_PP_Commands(). 764 BYTE ppList[(COMMAND_COUNT + 7) / 8]; 765 766 //********************************************************************************* 767 // Dictionary attack values 768 //********************************************************************************* 769 // These values are used for dictionary attack tracking and control. 770 UINT32 failedTries; // the current count of unexpired 771 // authorization failures 772 773 UINT32 maxTries; // number of unexpired authorization 774 // failures before the TPM is in 775 // lockout 776 777 UINT32 recoveryTime; // time between authorization failures 778 // before failedTries is decremented 779 780 UINT32 lockoutRecovery; // time that must expire between 781 // authorization failures associated 782 // with lockoutAuth 783 784 BOOL lockOutAuthEnabled; // TRUE if use of lockoutAuth is 785 // allowed 786 787 //***************************************************************************** 788 // Orderly State 789 //***************************************************************************** 790 // The orderly state for current cycle 791 TPM_SU orderlyState; 792 793 //***************************************************************************** 794 // Command audit values. 795 //***************************************************************************** 796 BYTE auditCommands[((COMMAND_COUNT + 1) + 7) / 8]; 797 TPMI_ALG_HASH auditHashAlg; 798 UINT64 auditCounter; 799 800 //***************************************************************************** 801 // Algorithm selection 802 //***************************************************************************** 803 // 804 // The 'algorithmSet' value indicates the collection of algorithms that are 805 // currently in used on the TPM. The interpretation of value is vendor dependent. 806 UINT32 algorithmSet; 807 808 //***************************************************************************** 809 // Firmware version 810 //***************************************************************************** 811 // The firmwareV1 and firmwareV2 values are instanced in TimeStamp.c. This is 812 // a scheme used in development to allow determination of the linker build time 813 // of the TPM. An actual implementation would implement these values in a way that 814 // is consistent with vendor needs. The values are maintained in RAM for simplified 815 // access with a master version in NV. These values are modified in a 816 // vendor-specific way. 817 818 // g_firmwareV1 contains the more significant 32-bits of the vendor version number. 819 // In the reference implementation, if this value is printed as a hex 820 // value, it will have the format of YYYYMMDD 821 UINT32 firmwareV1; 822 823 // g_firmwareV1 contains the less significant 32-bits of the vendor version number. 824 // In the reference implementation, if this value is printed as a hex 825 // value, it will have the format of 00 HH MM SS 826 UINT32 firmwareV2; 827 //***************************************************************************** 828 // Timer Epoch 829 //***************************************************************************** 830 // timeEpoch contains a nonce that has a vendor=specific size (should not be 831 // less than 8 bytes. This nonce changes when the clock epoch changes. The clock 832 // epoch changes when there is a discontinuity in the timing of the TPM. 833 #if !CLOCK_STOPS 834 CLOCK_NONCE timeEpoch; 835 #endif 836 837 } PERSISTENT_DATA; 838 839 EXTERN PERSISTENT_DATA gp; 840 841 //********************************************************************************* 842 //********************************************************************************* 843 //*** ORDERLY_DATA 844 //********************************************************************************* 845 //********************************************************************************* 846 // The data in this structure is saved to NV on each TPM2_Shutdown(). 847 typedef struct orderly_data 848 { 849 //***************************************************************************** 850 // TIME 851 //***************************************************************************** 852 853 // Clock has two parts. One is the state save part and one is the NV part. The 854 // state save version is updated on each command. When the clock rolls over, the 855 // NV version is updated. When the TPM starts up, if the TPM was shutdown in and 856 // orderly way, then the sClock value is used to initialize the clock. If the 857 // TPM shutdown was not orderly, then the persistent value is used and the safe 858 // attribute is clear. 859 860 UINT64 clock; // The orderly version of clock 861 TPMI_YES_NO clockSafe; // Indicates if the clock value is 862 // safe. 863 864 // In many implementations, the quality of the entropy available is not that 865 // high. To compensate, the current value of the drbgState can be saved and 866 // restored on each power cycle. This prevents the internal state from reverting 867 // to the initial state on each power cycle and starting with a limited amount 868 // of entropy. By keeping the old state and adding entropy, the entropy will 869 // accumulate. 870 DRBG_STATE drbgState; 871 872 // These values allow the accumulation of self-healing time across orderly shutdown 873 // of the TPM. 874 #if ACCUMULATE_SELF_HEAL_TIMER 875 UINT64 selfHealTimer; // current value of s_selfHealTimer 876 UINT64 lockoutTimer; // current value of s_lockoutTimer 877 UINT64 time; // current value of g_time at shutdown 878 #endif // ACCUMULATE_SELF_HEAL_TIMER 879 880 // These are the ACT Timeout values. They are saved with the other timers 881 #define DefineActData(N) ACT_STATE ACT_##N; 882 FOR_EACH_ACT(DefineActData) 883 884 // this is the 'signaled' attribute data for all the ACT. It is done this way so 885 // that they can be manipulated by ACT number rather than having to access a 886 // structure. 887 UINT16 signaledACT; 888 UINT16 preservedSignaled; 889 } ORDERLY_DATA; 890 891 #if ACCUMULATE_SELF_HEAL_TIMER 892 #define s_selfHealTimer go.selfHealTimer 893 #define s_lockoutTimer go.lockoutTimer 894 #endif // ACCUMULATE_SELF_HEAL_TIMER 895 896 # define drbgDefault go.drbgState 897 898 EXTERN ORDERLY_DATA go; 899 900 //********************************************************************************* 901 //********************************************************************************* 902 //*** STATE_CLEAR_DATA 903 //********************************************************************************* 904 //********************************************************************************* 905 // This structure contains the data that is saved on Shutdown(STATE) 906 // and restored on Startup(STATE). The values are set to their default 907 // settings on any Startup(Clear). In other words, the data is only persistent 908 // across TPM Resume. 909 // 910 // If the comments associated with a parameter indicate a default reset value, the 911 // value is applied on each Startup(CLEAR). 912 913 typedef struct state_clear_data 914 { 915 //***************************************************************************** 916 // Hierarchy Control 917 //***************************************************************************** 918 BOOL shEnable; // default reset is SET 919 BOOL ehEnable; // default reset is SET 920 BOOL phEnableNV; // default reset is SET 921 TPMI_ALG_HASH platformAlg; // default reset is TPM_ALG_NULL 922 TPM2B_DIGEST platformPolicy; // default reset is an Empty Buffer 923 TPM2B_AUTH platformAuth; // default reset is an Empty Buffer 924 925 //***************************************************************************** 926 // PCR 927 //***************************************************************************** 928 // The set of PCR to be saved on Shutdown(STATE) 929 PCR_SAVE pcrSave; // default reset is 0...0 930 931 // This structure hold the authorization values for those PCR that have an 932 // update authorization. 933 // This implementation only supports a single group of PCR controlled by 934 // authorization. If more are required, then this structure would be changed to 935 // an array. 936 PCR_AUTHVALUE pcrAuthValues; 937 938 //***************************************************************************** 939 // ACT 940 //***************************************************************************** 941 #define DefineActPolicySpace(N) TPMT_HA act_##N; 942 FOR_EACH_ACT(DefineActPolicySpace) 943 944 } STATE_CLEAR_DATA; 945 946 EXTERN STATE_CLEAR_DATA gc; 947 948 //********************************************************************************* 949 //********************************************************************************* 950 //*** State Reset Data 951 //********************************************************************************* 952 //********************************************************************************* 953 // This structure contains data is that is saved on Shutdown(STATE) and restored on 954 // the subsequent Startup(ANY). That is, the data is preserved across TPM Resume 955 // and TPM Restart. 956 // 957 // If a default value is specified in the comments this value is applied on 958 // TPM Reset. 959 960 typedef struct state_reset_data 961 { 962 //***************************************************************************** 963 // Hierarchy Control 964 //***************************************************************************** 965 TPM2B_PROOF nullProof; // The proof value associated with 966 // the TPM_RH_NULL hierarchy. The 967 // default reset value is from the RNG. 968 969 TPM2B_SEED nullSeed; // The seed value for the TPM_RN_NULL 970 // hierarchy. The default reset value 971 // is from the RNG. 972 973 //***************************************************************************** 974 // Context 975 //***************************************************************************** 976 // The 'clearCount' counter is incremented each time the TPM successfully executes 977 // a TPM Resume. The counter is included in each saved context that has 'stClear' 978 // SET (including descendants of keys that have 'stClear' SET). This prevents these 979 // objects from being loaded after a TPM Resume. 980 // If 'clearCount' is at its maximum value when the TPM receives a Shutdown(STATE), 981 // the TPM will return TPM_RC_RANGE and the TPM will only accept Shutdown(CLEAR). 982 UINT32 clearCount; // The default reset value is 0. 983 984 UINT64 objectContextID; // This is the context ID for a saved 985 // object context. The default reset 986 // value is 0. 987 CONTEXT_SLOT contextArray[MAX_ACTIVE_SESSIONS]; // This array contains 988 // contains the values used to track 989 // the version numbers of saved 990 // contexts (see 991 // Session.c in for details). The 992 // default reset value is {0}. 993 994 CONTEXT_COUNTER contextCounter; // This is the value from which the 995 // 'contextID' is derived. The 996 // default reset value is {0}. 997 998 //***************************************************************************** 999 // Command Audit 1000 //***************************************************************************** 1001 // When an audited command completes, ExecuteCommand() checks the return 1002 // value. If it is TPM_RC_SUCCESS, and the command is an audited command, the 1003 // TPM will extend the cpHash and rpHash for the command to this value. If this 1004 // digest was the Zero Digest before the cpHash was extended, the audit counter 1005 // is incremented. 1006 1007 TPM2B_DIGEST commandAuditDigest; // This value is set to an Empty Digest 1008 // by TPM2_GetCommandAuditDigest() or a 1009 // TPM Reset. 1010 1011 //***************************************************************************** 1012 // Boot counter 1013 //***************************************************************************** 1014 1015 UINT32 restartCount; // This counter counts TPM Restarts. 1016 // The default reset value is 0. 1017 1018 //********************************************************************************* 1019 // PCR 1020 //********************************************************************************* 1021 // This counter increments whenever the PCR are updated. This counter is preserved 1022 // across TPM Resume even though the PCR are not preserved. This is because 1023 // sessions remain active across TPM Restart and the count value in the session 1024 // is compared to this counter so this counter must have values that are unique 1025 // as long as the sessions are active. 1026 // NOTE: A platform-specific specification may designate that certain PCR changes 1027 // do not increment this counter to increment. 1028 UINT32 pcrCounter; // The default reset value is 0. 1029 1030 #if ALG_ECC 1031 1032 //***************************************************************************** 1033 // ECDAA 1034 //***************************************************************************** 1035 UINT64 commitCounter; // This counter increments each time 1036 // TPM2_Commit() returns 1037 // TPM_RC_SUCCESS. The default reset 1038 // value is 0. 1039 1040 TPM2B_NONCE commitNonce; // This random value is used to compute 1041 // the commit values. The default reset 1042 // value is from the RNG. 1043 1044 // This implementation relies on the number of bits in g_commitArray being a 1045 // power of 2 (8, 16, 32, 64, etc.) and no greater than 64K. 1046 BYTE commitArray[16]; // The default reset value is {0}. 1047 1048 #endif // ALG_ECC 1049 } STATE_RESET_DATA; 1050 1051 EXTERN STATE_RESET_DATA gr; 1052 1053 //** NV Layout 1054 // The NV data organization is 1055 // 1) a PERSISTENT_DATA structure 1056 // 2) a STATE_RESET_DATA structure 1057 // 3) a STATE_CLEAR_DATA structure 1058 // 4) an ORDERLY_DATA structure 1059 // 5) the user defined NV index space 1060 #define NV_PERSISTENT_DATA (0) 1061 #define NV_STATE_RESET_DATA (NV_PERSISTENT_DATA + sizeof(PERSISTENT_DATA)) 1062 #define NV_STATE_CLEAR_DATA (NV_STATE_RESET_DATA + sizeof(STATE_RESET_DATA)) 1063 #define NV_ORDERLY_DATA (NV_STATE_CLEAR_DATA + sizeof(STATE_CLEAR_DATA)) 1064 #define NV_INDEX_RAM_DATA (NV_ORDERLY_DATA + sizeof(ORDERLY_DATA)) 1065 #define NV_USER_DYNAMIC (NV_INDEX_RAM_DATA + sizeof(s_indexOrderlyRam)) 1066 #define NV_USER_DYNAMIC_END NV_MEMORY_SIZE 1067 1068 //** Global Macro Definitions 1069 // The NV_READ_PERSISTENT and NV_WRITE_PERSISTENT macros are used to access members 1070 // of the PERSISTENT_DATA structure in NV. 1071 #define NV_READ_PERSISTENT(to, from) \ 1072 NvRead(&to, offsetof(PERSISTENT_DATA, from), sizeof(to)) 1073 1074 #define NV_WRITE_PERSISTENT(to, from) \ 1075 NvWrite(offsetof(PERSISTENT_DATA, to), sizeof(gp.to), &from) 1076 1077 #define CLEAR_PERSISTENT(item) \ 1078 NvClearPersistent(offsetof(PERSISTENT_DATA, item), sizeof(gp.item)) 1079 1080 #define NV_SYNC_PERSISTENT(item) NV_WRITE_PERSISTENT(item, gp.item) 1081 1082 // At the start of command processing, the index of the command is determined. This 1083 // index value is used to access the various data tables that contain per-command 1084 // information. There are multiple options for how the per-command tables can be 1085 // implemented. This is resolved in GetClosestCommandIndex(). 1086 typedef UINT16 COMMAND_INDEX; 1087 #define UNIMPLEMENTED_COMMAND_INDEX ((COMMAND_INDEX)(~0)) 1088 1089 typedef struct _COMMAND_FLAGS_ 1090 { 1091 unsigned trialPolicy : 1; //1) If SET, one of the handles references a 1092 // trial policy and authorization may be 1093 // skipped. This is only allowed for a policy 1094 // command. 1095 } COMMAND_FLAGS; 1096 1097 // This structure is used to avoid having to manage a large number of 1098 // parameters being passed through various levels of the command input processing. 1099 // 1100 1101 // The following macros are used to define the space for the CP and RP hashes. Space, 1102 // is provided for each implemented hash algorithm because it is not known what the 1103 // caller may use. 1104 #define CP_HASH(HASH, Hash) TPM2B_##HASH##_DIGEST Hash##CpHash; 1105 #define RP_HASH(HASH, Hash) TPM2B_##HASH##_DIGEST Hash##RpHash; 1106 1107 typedef struct COMMAND 1108 { 1109 TPM_ST tag; // the parsed command tag 1110 TPM_CC code; // the parsed command code 1111 COMMAND_INDEX index; // the computed command index 1112 UINT32 handleNum; // the number of entity handles in the 1113 // handle area of the command 1114 TPM_HANDLE handles[MAX_HANDLE_NUM]; // the parsed handle values 1115 UINT32 sessionNum; // the number of sessions found 1116 INT32 parameterSize; // starts out with the parsed command size 1117 // and is reduced and values are 1118 // unmarshaled. Just before calling the 1119 // command actions, this should be zero. 1120 // After the command actions, this number 1121 // should grow as values are marshaled 1122 // in to the response buffer. 1123 INT32 authSize; // this is initialized with the parsed size 1124 // of authorizationSize field and should 1125 // be zero when the authorizations are 1126 // parsed. 1127 BYTE *parameterBuffer; // input to ExecuteCommand 1128 BYTE *responseBuffer; // input to ExecuteCommand 1129 FOR_EACH_HASH(CP_HASH) // space for the CP hashes 1130 FOR_EACH_HASH(RP_HASH) // space for the RP hashes 1131 } COMMAND; 1132 1133 // Global string constants for consistency in KDF function calls. 1134 // These string constants are shared across functions to make sure that they 1135 // are all using consistent string values. 1136 1137 #define STRING_INITIALIZER(value) {{sizeof(value), {value}}} 1138 #define TPM2B_STRING(name, value) \ 1139 typedef union name##_ { \ 1140 struct { \ 1141 UINT16 size; \ 1142 BYTE buffer[sizeof(value)]; \ 1143 } t; \ 1144 TPM2B b; \ 1145 } TPM2B_##name##_; \ 1146 EXTERN const TPM2B_##name##_ name##_ INITIALIZER(STRING_INITIALIZER(value)); \ 1147 EXTERN const TPM2B *name INITIALIZER(&name##_.b) 1148 1149 TPM2B_STRING(PRIMARY_OBJECT_CREATION, "Primary Object Creation"); 1150 TPM2B_STRING(CFB_KEY, "CFB"); 1151 TPM2B_STRING(CONTEXT_KEY, "CONTEXT"); 1152 TPM2B_STRING(INTEGRITY_KEY, "INTEGRITY"); 1153 TPM2B_STRING(SECRET_KEY, "SECRET"); 1154 TPM2B_STRING(SESSION_KEY, "ATH"); 1155 TPM2B_STRING(STORAGE_KEY, "STORAGE"); 1156 TPM2B_STRING(XOR_KEY, "XOR"); 1157 TPM2B_STRING(COMMIT_STRING, "ECDAA Commit"); 1158 TPM2B_STRING(DUPLICATE_STRING, "DUPLICATE"); 1159 TPM2B_STRING(IDENTITY_STRING, "IDENTITY"); 1160 TPM2B_STRING(OBFUSCATE_STRING, "OBFUSCATE"); 1161 #if SELF_TEST 1162 TPM2B_STRING(OAEP_TEST_STRING, "OAEP Test Value"); 1163 #endif // SELF_TEST 1164 1165 //***************************************************************************** 1166 //** From CryptTest.c 1167 //***************************************************************************** 1168 // This structure contains the self-test state values for the cryptographic modules. 1169 EXTERN CRYPTO_SELF_TEST_STATE g_cryptoSelfTestState; 1170 1171 //***************************************************************************** 1172 //** From Manufacture.c 1173 //***************************************************************************** 1174 EXTERN BOOL g_manufactured INITIALIZER(FALSE); 1175 1176 // This value indicates if a TPM2_Startup commands has been 1177 // receive since the power on event. This flag is maintained in power 1178 // simulation module because this is the only place that may reliably set this 1179 // flag to FALSE. 1180 EXTERN BOOL g_initialized; 1181 1182 //** Private data 1183 1184 //***************************************************************************** 1185 //*** From SessionProcess.c 1186 //***************************************************************************** 1187 #if defined SESSION_PROCESS_C || defined GLOBAL_C || defined MANUFACTURE_C 1188 // The following arrays are used to save command sessions information so that the 1189 // command handle/session buffer does not have to be preserved for the duration of 1190 // the command. These arrays are indexed by the session index in accordance with 1191 // the order of sessions in the session area of the command. 1192 // 1193 // Array of the authorization session handles 1194 EXTERN TPM_HANDLE s_sessionHandles[MAX_SESSION_NUM]; 1195 1196 // Array of authorization session attributes 1197 EXTERN TPMA_SESSION s_attributes[MAX_SESSION_NUM]; 1198 1199 // Array of handles authorized by the corresponding authorization sessions; 1200 // and if none, then TPM_RH_UNASSIGNED value is used 1201 EXTERN TPM_HANDLE s_associatedHandles[MAX_SESSION_NUM]; 1202 1203 // Array of nonces provided by the caller for the corresponding sessions 1204 EXTERN TPM2B_NONCE s_nonceCaller[MAX_SESSION_NUM]; 1205 1206 // Array of authorization values (HMAC's or passwords) for the corresponding 1207 // sessions 1208 EXTERN TPM2B_AUTH s_inputAuthValues[MAX_SESSION_NUM]; 1209 1210 // Array of pointers to the SESSION structures for the sessions in a command 1211 EXTERN SESSION *s_usedSessions[MAX_SESSION_NUM]; 1212 1213 // Special value to indicate an undefined session index 1214 #define UNDEFINED_INDEX (0xFFFF) 1215 1216 // Index of the session used for encryption of a response parameter 1217 EXTERN UINT32 s_encryptSessionIndex; 1218 1219 // Index of the session used for decryption of a command parameter 1220 EXTERN UINT32 s_decryptSessionIndex; 1221 1222 // Index of a session used for audit 1223 EXTERN UINT32 s_auditSessionIndex; 1224 1225 // The cpHash for command audit 1226 #ifdef TPM_CC_GetCommandAuditDigest 1227 EXTERN TPM2B_DIGEST s_cpHashForCommandAudit; 1228 #endif 1229 1230 // Flag indicating if NV update is pending for the lockOutAuthEnabled or 1231 // failedTries DA parameter 1232 EXTERN BOOL s_DAPendingOnNV; 1233 1234 #endif // SESSION_PROCESS_C 1235 1236 //***************************************************************************** 1237 //*** From DA.c 1238 //***************************************************************************** 1239 #if defined DA_C || defined GLOBAL_C || defined MANUFACTURE_C 1240 // This variable holds the accumulated time since the last time 1241 // that 'failedTries' was decremented. This value is in millisecond. 1242 #if !ACCUMULATE_SELF_HEAL_TIMER 1243 EXTERN UINT64 s_selfHealTimer; 1244 1245 // This variable holds the accumulated time that the lockoutAuth has been 1246 // blocked. 1247 EXTERN UINT64 s_lockoutTimer; 1248 #endif // ACCUMULATE_SELF_HEAL_TIMER 1249 1250 #endif // DA_C 1251 1252 //***************************************************************************** 1253 //*** From NV.c 1254 //***************************************************************************** 1255 #if defined NV_C || defined GLOBAL_C 1256 // This marks the end of the NV area. This is a run-time variable as it might 1257 // not be compile-time constant. 1258 EXTERN NV_REF s_evictNvEnd; 1259 1260 // This space is used to hold the index data for an orderly Index. It also contains 1261 // the attributes for the index. 1262 EXTERN BYTE s_indexOrderlyRam[RAM_INDEX_SPACE]; // The orderly NV Index data 1263 1264 // This value contains the current max counter value. It is written to the end of 1265 // allocatable NV space each time an index is deleted or added. This value is 1266 // initialized on Startup. The indices are searched and the maximum of all the 1267 // current counter indices and this value is the initial value for this. 1268 EXTERN UINT64 s_maxCounter; 1269 1270 // This is space used for the NV Index cache. As with a persistent object, the 1271 // contents of a referenced index are copied into the cache so that the 1272 // NV Index memory scanning and data copying can be reduced. 1273 // Only code that operates on NV Index data should use this cache directly. When 1274 // that action code runs, s_lastNvIndex will contain the index header information. 1275 // It will have been loaded when the handles were verified. 1276 // NOTE: An NV index handle can appear in many commands that do not operate on the 1277 // NV data (e.g. TPM2_StartAuthSession). However, only one NV Index at a time is 1278 // ever directly referenced by any command. If that changes, then the NV Index 1279 // caching needs to be changed to accommodate that. Currently, the code will verify 1280 // that only one NV Index is referenced by the handles of the command. 1281 EXTERN NV_INDEX s_cachedNvIndex; 1282 EXTERN NV_REF s_cachedNvRef; 1283 EXTERN BYTE *s_cachedNvRamRef; 1284 1285 // Initial NV Index/evict object iterator value 1286 #define NV_REF_INIT (NV_REF)0xFFFFFFFF 1287 1288 #endif 1289 1290 //***************************************************************************** 1291 //*** From Object.c 1292 //***************************************************************************** 1293 #if defined OBJECT_C || defined GLOBAL_C 1294 // This type is the container for an object. 1295 1296 EXTERN OBJECT s_objects[MAX_LOADED_OBJECTS]; 1297 1298 #endif // OBJECT_C 1299 1300 //***************************************************************************** 1301 //*** From PCR.c 1302 //***************************************************************************** 1303 #if defined PCR_C || defined GLOBAL_C 1304 // The following macro is used to define the per-implemented-hash space. This 1305 // implementation reserves space for all implemented hashes. 1306 #define PCR_ALL_HASH(HASH, Hash) BYTE Hash##Pcr[HASH##_DIGEST_SIZE]; 1307 1308 typedef struct 1309 { 1310 FOR_EACH_HASH(PCR_ALL_HASH) 1311 } PCR; 1312 1313 typedef struct 1314 { 1315 unsigned int stateSave : 1; // if the PCR value should be 1316 // saved in state save 1317 unsigned int resetLocality : 5; // The locality that the PCR 1318 // can be reset 1319 unsigned int extendLocality : 5; // The locality that the PCR 1320 // can be extend 1321 } PCR_Attributes; 1322 1323 EXTERN PCR s_pcrs[IMPLEMENTATION_PCR]; 1324 1325 #endif // PCR_C 1326 1327 //***************************************************************************** 1328 //*** From Session.c 1329 //***************************************************************************** 1330 #if defined SESSION_C || defined GLOBAL_C 1331 // Container for HMAC or policy session tracking information 1332 typedef struct 1333 { 1334 BOOL occupied; 1335 SESSION session; // session structure 1336 } SESSION_SLOT; 1337 1338 EXTERN SESSION_SLOT s_sessions[MAX_LOADED_SESSIONS]; 1339 1340 // The index in contextArray that has the value of the oldest saved session 1341 // context. When no context is saved, this will have a value that is greater 1342 // than or equal to MAX_ACTIVE_SESSIONS. 1343 EXTERN UINT32 s_oldestSavedSession; 1344 1345 // The number of available session slot openings. When this is 1, 1346 // a session can't be created or loaded if the GAP is maxed out. 1347 // The exception is that the oldest saved session context can always 1348 // be loaded (assuming that there is a space in memory to put it) 1349 EXTERN int s_freeSessionSlots; 1350 1351 #endif // SESSION_C 1352 1353 //***************************************************************************** 1354 //*** From IoBuffers.c 1355 //***************************************************************************** 1356 #if defined IO_BUFFER_C || defined GLOBAL_C 1357 // Each command function is allowed a structure for the inputs to the function and 1358 // a structure for the outputs. The command dispatch code unmarshals the input butter 1359 // to the command action input structure starting at the first byte of 1360 // s_actionIoBuffer. The value of s_actionIoAllocation is the number of UINT64 values 1361 // allocated. It is used to set the pointer for the response structure. The command 1362 // dispatch code will marshal the response values into the final output buffer. 1363 EXTERN UINT64 s_actionIoBuffer[768]; // action I/O buffer 1364 EXTERN UINT32 s_actionIoAllocation; // number of UIN64 allocated for the 1365 // action input structure 1366 #endif // IO_BUFFER_C 1367 1368 //***************************************************************************** 1369 //*** From TPMFail.c 1370 //***************************************************************************** 1371 // This value holds the address of the string containing the name of the function 1372 // in which the failure occurred. This address value is not useful for anything 1373 // other than helping the vendor to know in which file the failure occurred. 1374 EXTERN BOOL g_inFailureMode; // Indicates that the TPM is in failure mode 1375 #if SIMULATION 1376 EXTERN BOOL g_forceFailureMode; // flag to force failure mode during test 1377 #endif 1378 1379 typedef void(FailFunction)(const char *function, int line, int code); 1380 1381 #if defined TPM_FAIL_C || defined GLOBAL_C 1382 EXTERN UINT32 s_failFunction; 1383 EXTERN UINT32 s_failLine; // the line in the file at which 1384 // the error was signaled 1385 EXTERN UINT32 s_failCode; // the error code used 1386 1387 EXTERN FailFunction *LibFailCallback; 1388 1389 #endif // TPM_FAIL_C 1390 1391 //***************************************************************************** 1392 //*** From ACT_spt.c 1393 //***************************************************************************** 1394 // This value is used to indicate if an ACT has been updated since the last 1395 // TPM2_Startup() (one bit for each ACT). If the ACT is not updated 1396 // (TPM2_ACT_SetTimeout()) after a startup, then on each TPM2_Shutdown() the TPM will 1397 // save 1/2 of the current timer value. This prevents an attack on the ACT by saving 1398 // the counter and then running for a long period of time before doing a TPM Restart. 1399 // A quick TPM2_Shutdown() after each 1400 EXTERN UINT16 s_ActUpdated; 1401 1402 //***************************************************************************** 1403 //*** From CommandCodeAttributes.c 1404 //***************************************************************************** 1405 // This array is instanced in CommandCodeAttributes.c when it includes 1406 // CommandCodeAttributes.h. Don't change the extern to EXTERN. 1407 extern const TPMA_CC s_ccAttr[]; 1408 extern const COMMAND_ATTRIBUTES s_commandAttributes[]; 1409 1410 #endif // GLOBAL_H 1411