diff options
Diffstat (limited to 'src/tpm2/Global.h')
-rw-r--r-- | src/tpm2/Global.h | 1350 |
1 files changed, 1350 insertions, 0 deletions
diff --git a/src/tpm2/Global.h b/src/tpm2/Global.h new file mode 100644 index 0000000..84a0d13 --- /dev/null +++ b/src/tpm2/Global.h @@ -0,0 +1,1350 @@ +/********************************************************************************/ +/* */ +/* Internal Global Type Definitions */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Global.h 1658 2021-01-22 23:14:01Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2016 - 2021 */ +/* */ +/********************************************************************************/ + +/* 5.9 Global.h */ +/* 5.9.2 Includes */ + +#if !defined _TPM_H_ +#error "Should only be instanced in TPM.h" +#endif + +#ifndef GLOBAL_H +#define GLOBAL_H +_REDUCE_WARNING_LEVEL_(2) +#include <string.h> +#include <stddef.h> +_NORMAL_WARNING_LEVEL_ +#include "BackwardsCompatibility.h" // libtpms added + +#include "Capabilities.h" +#include "TpmTypes.h" +#include "CommandAttributes.h" +#include "CryptTest.h" +#include "BnValues.h" +#include "CryptHash.h" +#include "CryptSym.h" +#include "CryptRand.h" +#include "CryptEcc.h" +#include "CryptRsa.h" +#include "CryptTest.h" +#include "TpmError.h" +#include "NV.h" +#include "ACT.h" +#include "Utils.h" // libtpms added + +//** Defines and Types + +//*** Size Types +// These types are used to differentiate the two different size values used. +// +// NUMBYTES is used when a size is a number of bytes (usually a TPM2B) +typedef UINT16 NUMBYTES; + +//*** Other Types +// An AUTH_VALUE is a BYTE array containing a digest (TPMU_HA) +typedef BYTE AUTH_VALUE[sizeof(TPMU_HA)]; + +/* A TIME_INFO is a BYTE array that can contain a TPMS_TIME_INFO */ +typedef BYTE TIME_INFO[sizeof(TPMS_TIME_INFO)]; + +/* A NAME is a BYTE array that can contain a TPMU_NAME */ +typedef BYTE NAME[sizeof(TPMU_NAME)]; + +/* Definition for a PROOF value */ +TPM2B_TYPE(PROOF, PROOF_SIZE); + +/* Definition for a Primary Seed value */ +TPM2B_TYPE(SEED, PRIMARY_SEED_SIZE); + +/* A CLOCK_NONCE is used to tag the time value in the authorization session and in the ticket + computation so that the ticket expires when there is a time discontinuity. When the clock stops + during normal operation, the nonce is 64-bit value kept in RAM but it is a 32-bit counter when + the clock only stops during power events. */ +#if CLOCK_STOPS +typedef UINT64 CLOCK_NONCE; +#else +typedef UINT32 CLOCK_NONCE; +#endif + +// 5.9.3 Loaded Object Structures +// 5.9.3.1 Description +// The structures in this section define the object layout as it exists in TPM memory. +// Two types of objects are defined: an ordinary object such as a key, and a sequence object that +// may be a hash, HMAC, or event. + +/* 5.9.3.2 OBJECT_ATTRIBUTES */ +/* An OBJECT_ATTRIBUTES structure contains the variable attributes of an object. These properties + are not part of the public properties but are used by the TPM in managing the object. An + OBJECT_ATTRIBUTES is used in the definition of the OBJECT data type. */ +typedef struct +{ +#if LITTLE_ENDIAN_TPM == YES /* libtpms added */ + unsigned publicOnly : 1; //0) SET if only the public portion of + // an object is loaded + unsigned epsHierarchy : 1; //1) SET if the object belongs to EPS + // Hierarchy + unsigned ppsHierarchy : 1; //2) SET if the object belongs to PPS + // Hierarchy + unsigned spsHierarchy : 1; //3) SET f the object belongs to SPS + // Hierarchy + unsigned evict : 1; //4) SET if the object is a platform or + // owner evict object. Platform- + // evict object belongs to PPS + // hierarchy, owner-evict object + // belongs to SPS or EPS hierarchy. + // This bit is also used to mark a + // completed sequence object so it + // will be flush when the + // SequenceComplete command succeeds. + unsigned primary : 1; //5) SET for a primary object + unsigned temporary : 1; //6) SET for a temporary object + unsigned stClear : 1; //7) SET for an stClear object + unsigned hmacSeq : 1; //8) SET for an HMAC or MAC sequence object + unsigned hashSeq : 1; //9) SET for a hash sequence object + unsigned eventSeq : 1; //10) SET for an event sequence object + unsigned ticketSafe : 1; //11) SET if a ticket is safe to create + // for hash sequence object + unsigned firstBlock : 1; //12) SET if the first block of hash + // data has been received. It + // works with ticketSafe bit + unsigned isParent : 1; //13) SET if the key has the proper + // attributes to be a parent key + unsigned privateExp : 1; //14) SET when the private exponent + // of an RSA key has been validated. + unsigned occupied : 1; //15) SET when the slot is occupied. + unsigned derivation : 1; //16) SET when the key is a derivation + // parent + unsigned external : 1; //17) SET when the object is loaded with + // TPM2_LoadExternal(); + unsigned reserved : 14; //18-31) /* libtpms added */ +#endif /* libtpms added */ +#if BIG_ENDIAN_TPM == YES /* libtpms added begin */ + unsigned reserved : 14; //18-31) + unsigned external : 1; //17) SET when the object is loaded with + unsigned derivation : 1; //16) SET when the key is a derivation + unsigned occupied : 1; //15) SET when the slot is occupied. + unsigned privateExp : 1; //14) SET when the private exponent + unsigned isParent : 1; //13) SET if the key has the proper + unsigned firstBlock : 1; //12) SET if the first block of hash + unsigned ticketSafe : 1; //11) SET if a ticket is safe to create + unsigned eventSeq : 1; //10) SET for an event sequence object + unsigned hashSeq : 1; //9) SET for a hash sequence object + unsigned hmacSeq : 1; //8) SET for an HMAC sequence object + unsigned stClear : 1; //7) SET for an stClear object + unsigned temporary : 1; //6) SET for a temporary object + unsigned primary : 1; //5) SET for a primary object + + unsigned evict : 1; //4) SET if the object is a platform or + unsigned spsHierarchy : 1; //3) SET f the object belongs to SPS + unsigned ppsHierarchy : 1; //2) SET if the object belongs to PPS + unsigned epsHierarchy : 1; //1) SET if the object belongs to EPS + unsigned publicOnly : 1; //0) SET if only the public portion of +#endif /* libtpms added end */ +} OBJECT_ATTRIBUTES; + +#if ALG_RSA +/* There is an overload of the sensitive.rsa.t.size field of a TPMT_SENSITIVE when an RSA key is + loaded. When the sensitive->sensitive contains an RSA key with all of the CRT values, then the + MSB of the size field will be set to indicate that the buffer contains all 5 of the CRT private + key values. */ +#define RSA_prime_flag 0x8000 +#endif + +/* 5.9.3.3 OBJECT Structure */ +/* An OBJECT structure holds the object public, sensitive, and meta-data associated. This structure + is implementation dependent. For this implementation, the structure is not optimized for space + but rather for clarity of the reference implementation. Other implementations may choose to + overlap portions of the structure that are not used simultaneously. These changes would + necessitate changes to the source code but those changes would be compatible with the reference + implementation. */ +typedef struct OBJECT +{ + // The attributes field is required to be first followed by the publicArea. + // This allows the overlay of the object structure and a sequence structure + OBJECT_ATTRIBUTES attributes; // object attributes + TPMT_PUBLIC publicArea; // public area of an object + TPMT_SENSITIVE sensitive; // sensitive area of an object +#if ALG_RSA + privateExponent_t privateExponent; // Additional field for the private +#endif + TPM2B_NAME qualifiedName; // object qualified name + TPMI_DH_OBJECT evictHandle; // if the object is an evict object, + // the original handle is kept here. + // The 'working' handle will be the + // handle of an object slot. + TPM2B_NAME name; // Name of the object name. Kept here + // to avoid repeatedly computing it. + + // libtpms added: SEED_COMPAT_LEVEL to use for deriving child keys + SEED_COMPAT_LEVEL seedCompatLevel; + // libtpms added: OBJECT lies in NVRAM; to avoid that it needs different number + // of bytes on 32 bit and 64 bit architectures, we need to make sure it's the + // same size; simple padding at the end works here + UINT8 _pad[3]; +} OBJECT; + +/* 5.9.3.4 HASH_OBJECT Structure */ +/* This structure holds a hash sequence object or an event sequence object. */ +/* The first four components of this structure are manually set to be the same as the first four + components of the object structure. This prevents the object from being inadvertently misused as + sequence objects occupy the same memory as a regular object. A debug check is present to make + sure that the offsets are what they are supposed to be. */ +/* NOTE: In a future version, this will probably be renamed as SEQUENCE_OBJECT */ +typedef struct HASH_OBJECT +{ + OBJECT_ATTRIBUTES attributes; // The attributes of the HASH object + TPMI_ALG_PUBLIC type; // algorithm + TPMI_ALG_HASH nameAlg; // name algorithm + TPMA_OBJECT objectAttributes; // object attributes + // The data below is unique to a sequence object + TPM2B_AUTH auth; // authorization for use of sequence + union + { + HASH_STATE hashState[HASH_COUNT]; + HMAC_STATE hmacState; + } state; +} HASH_OBJECT; +typedef BYTE HASH_OBJECT_BUFFER[sizeof(HASH_OBJECT)]; + +/* 5.9.3.5 ANY_OBJECT */ +/* This is the union for holding either a sequence object or a regular object. for ContextSave() and + ContextLoad() */ +typedef union ANY_OBJECT +{ + OBJECT entity; + HASH_OBJECT hash; +} ANY_OBJECT; +typedef BYTE ANY_OBJECT_BUFFER[sizeof(ANY_OBJECT)]; + +/* 5.9.4 AUTH_DUP Types */ +/* These values are used in the authorization processing. */ +typedef UINT32 AUTH_ROLE; +#define AUTH_NONE ((AUTH_ROLE)(0)) +#define AUTH_USER ((AUTH_ROLE)(1)) +#define AUTH_ADMIN ((AUTH_ROLE)(2)) +#define AUTH_DUP ((AUTH_ROLE)(3)) + +/* 5.9.5 Active Session Context */ +/* 5.9.5.1 Description */ +/* The structures in this section define the internal structure of a session context. */ +/* 5.9.5.2 SESSION_ATTRIBUTES */ +/* The attributes in the SESSION_ATTRIBUTES structure track the various properties of the + session. It maintains most of the tracking state information for the policy session. It is used + within the SESSION structure. */ +typedef struct SESSION_ATTRIBUTES +{ +#if LITTLE_ENDIAN_TPM == YES /* libtpms added */ + unsigned isPolicy : 1; //1) SET if the session may only be used + // for policy + unsigned isAudit : 1; //2) SET if the session is used for audit + unsigned isBound : 1; //3) SET if the session is bound to with an + // entity. This attribute will be CLEAR + // if either isPolicy or isAudit is SET. + unsigned isCpHashDefined : 1; //4) SET if the cpHash has been defined + // This attribute is not SET unless + // 'isPolicy' is SET. + unsigned isAuthValueNeeded : 1; //5) SET if the authValue is required for + // computing the session HMAC. This + // attribute is not SET unless 'isPolicy' + // is SET. + unsigned isPasswordNeeded : 1; //6) SET if a password authValue is required + // for authorization This attribute is not + // SET unless 'isPolicy' is SET. + unsigned isPPRequired : 1; //7) SET if physical presence is required to + // be asserted when the authorization is + // checked. This attribute is not SET + // unless 'isPolicy' is SET. + unsigned isTrialPolicy : 1; //8) SET if the policy session is created + // for trial of the policy's policyHash + // generation. This attribute is not SET + // unless 'isPolicy' is SET. + unsigned isDaBound : 1; //9) SET if the bind entity had noDA CLEAR. + // If this is SET, then an authorization + // failure using this session will count + // against lockout even if the object + // being authorized is exempt from DA. + unsigned isLockoutBound : 1; //10) SET if the session is bound to + // lockoutAuth. + unsigned includeAuth : 1; //11) This attribute is SET when the + // authValue of an object is to be + // included in the computation of the + // HMAC key for the command and response + // computations. (was 'requestWasBound') + unsigned checkNvWritten : 1; //12) SET if the TPMA_NV_WRITTEN attribute + // needs to be checked when the policy is + // used for authorization for NV access. + // If this is SET for any other type, the + // policy will fail. + unsigned nvWrittenState : 1; //13) SET if TPMA_NV_WRITTEN is required to + // be SET. Used when 'checkNvWritten' is + // SET + unsigned isTemplateSet : 1; //14) SET if the templateHash needs to be + // checked for Create, CreatePrimary, or + // CreateLoaded. + unsigned _reserved : 18; //15-32 /* libtpms added */ +#endif /* libtpms added */ +#if BIG_ENDIAN_TPM == YES /* libtpms added begin */ + unsigned _reserved : 18; //15-32 + unsigned isTemplateSet : 1; //14) SET if the templateHash needs to be + unsigned nvWrittenState : 1; //13) SET if TPMA_NV_WRITTEN is required to + unsigned checkNvWritten : 1; //12) SET if the TPMA_NV_WRITTEN attribute + unsigned includeAuth : 1; //11) This attribute is SET when the + unsigned isLockoutBound : 1; //10) SET if the session is bound to + unsigned isDaBound : 1; //9) SET if the bind entity had noDA CLEAR. + unsigned isTrialPolicy : 1; //8) SET if the policy session is created + unsigned isPPRequired : 1; //7) SET if physical presence is required to + unsigned isPasswordNeeded : 1; //6) SET if a password authValue is required + unsigned isAuthValueNeeded : 1; //5) SET if the authValue is required for + unsigned isCpHashDefined : 1; //4) SET if the cpHash has been defined + unsigned isBound : 1; //3) SET if the session is bound to with an + unsigned isAudit : 1; //2) SET if the session is used for audit + unsigned isPolicy : 1; //1) SET if the session may only be used +#endif /* libtpms added end */ +} SESSION_ATTRIBUTES; + +/* 5.9.5.3 SESSION Structure */ +/* The SESSION structure contains all the context of a session except for the associated + contextID. */ +/* NOTE: The contextID of a session is only relevant when the session context is stored off the + TPM. */ +typedef struct SESSION +{ + SESSION_ATTRIBUTES attributes; // session attributes + UINT32 pcrCounter; // PCR counter value when PCR is + // included (policy session) + // If no PCR is included, this + // value is 0. + UINT64 startTime; // The value in g_time + // when the session was started (policy session) + UINT64 timeout; // The timeout relative to g_time + // There is no timeout if this value + // is 0. + CLOCK_NONCE epoch; // The g_clockEpoch value when the + // session was started. If g_clockEpoch + // does not match this value when the + // timeout is used, then + // then the command will fail. + TPM_CC commandCode; // command code (policy session) + TPM_ALG_ID authHashAlg; // session hash algorithm + TPMA_LOCALITY commandLocality; // command locality (policy session) + TPMT_SYM_DEF symmetric; // session symmetric algorithm (if any) + TPM2B_AUTH sessionKey; // session secret value used for + // this session + TPM2B_NONCE nonceTPM; // last TPM-generated nonce for + // generating HMAC and encryption keys + union + { + TPM2B_NAME boundEntity; // value used to track the entity to + // which the session is bound + TPM2B_DIGEST cpHash; // the required cpHash value for the + // command being authorized + TPM2B_DIGEST nameHash; // the required nameHash + TPM2B_DIGEST templateHash; // the required template for creation + } u1; + union + { + TPM2B_DIGEST auditDigest; // audit session digest + TPM2B_DIGEST policyDigest; // policyHash + } u2; // audit log and policyHash may + // share space to save memory +} SESSION; +#define EXPIRES_ON_RESET INT32_MIN +#define TIMEOUT_ON_RESET UINT64_MAX +#define EXPIRES_ON_RESTART (INT32_MIN + 1) +#define TIMEOUT_ON_RESTART (UINT64_MAX - 1) +typedef BYTE SESSION_BUF[sizeof(SESSION)]; + +/* 5.9.7 PCR */ +/* 5.9.7.1 PCR_SAVE Structure */ +/* The PCR_SAVE structure type contains the PCR data that are saved across power cycles. Only the + static PCR are required to be saved across power cycles. The DRTM and resettable PCR are not + saved. The number of static and resettable PCR is determined by the platform-specific + specification to which the TPM is built. */ + +#define PCR_SAVE_SPACE(HASH, Hash) BYTE Hash[NUM_STATIC_PCR][HASH##_DIGEST_SIZE]; + +typedef struct PCR_SAVE +{ + FOR_EACH_HASH(PCR_SAVE_SPACE) + + // This counter increments whenever the PCR are updated. + // NOTE: A platform-specific specification may designate + // certain PCR changes as not causing this counter + // to increment. + UINT32 pcrCounter; +} PCR_SAVE; + +/* 5.9.6.2 PCR_POLICY */ +#if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0 +/* This structure holds the PCR policies, one for each group of PCR controlled by policy. */ +typedef struct PCR_POLICY +{ + TPMI_ALG_HASH hashAlg[NUM_POLICY_PCR_GROUP]; + TPM2B_DIGEST a_unused; /* libtpms: renamed field since not used and not initialized */ + TPM2B_DIGEST policy[NUM_POLICY_PCR_GROUP]; +} PCR_POLICY; +#endif + +/* 5.9.6.3 PCR_AUTHVALUE */ +/* This structure holds the PCR policies, one for each group of PCR controlled by policy. */ +typedef struct PCR_AUTH_VALUE +{ + TPM2B_DIGEST auth[NUM_AUTHVALUE_PCR_GROUP]; +} PCR_AUTHVALUE; + +/* 5.9.7 STARTUP_TYPE */ +/* This enumeration is the possible startup types. The type is determined by the combination of + TPM2_ShutDown() and TPM2_Startup(). */ +typedef enum + { + SU_RESET, + SU_RESTART, + SU_RESUME + } STARTUP_TYPE; + +/* 5.9.8 NV */ +/* 5.9.8.1 NV_INDEX */ +/* The NV_INDEX structure defines the internal format for an NV index. The indexData size varies + according to the type of the index. In this implementation, all of the index is manipulated as a + unit. */ +typedef struct NV_INDEX +{ + TPMS_NV_PUBLIC publicArea; + TPM2B_AUTH authValue; +} NV_INDEX; + +/* 5.9.8.2 NV_REF */ +/* An NV_REF is an opaque value returned by the NV subsystem. It is used to reference and NV Index + in a relatively efficient way. Rather than having to continually search for an Index, its + reference value may be used. In this implementation, an NV_REF is a byte pointer that points to + the copy of the NV memory that is kept in RAM. */ +typedef UINT32 NV_REF; +typedef BYTE *NV_RAM_REF; + +/* 5.9.8.3 NV_PIN */ +/* This structure deals with the possible endianness differences between the canonical form of the + TPMS_NV_PIN_COUNTER_PARAMETERS structure and the internal value. The structures allow the data in + a PIN index to be read as an 8-octet value using NvReadUINT64Data(). That function will byte swap + all the values on a little endian system. This will put the bytes with the 4-octet values in the + correct order but will swap the pinLimit and pinCount values. When written, the PIN index is + simply handled as a normal index with the octets in canonical order. */ +#if BIG_ENDIAN_TPM +typedef struct +{ + UINT32 pinCount; + UINT32 pinLimit; +} PIN_DATA; +#else +typedef struct +{ + UINT32 pinLimit; + UINT32 pinCount; +} PIN_DATA; +#endif +typedef union +{ + UINT64 intVal; + PIN_DATA pin; +} NV_PIN; + +/* 5.9.9 COMMIT_INDEX_MASK */ +/* This is the define for the mask value that is used when manipulating the bits in the commit bit + array. The commit counter is a 64-bit value and the low order bits are used to index the + commitArray. This mask value is applied to the commit counter to extract the bit number in the + array. */ +#if ALG_ECC +#define COMMIT_INDEX_MASK ((UINT16)((sizeof(gr.commitArray)*8)-1)) +#endif + +/* 5.9.10 RAM Global Values */ +/* 5.9.10.1 Description */ +/* The values in this section are only extant in RAM or ROM as constant values. */ +/* 5.9.10.2 Crypto Self-Test Values */ +EXTERN ALGORITHM_VECTOR g_implementedAlgorithms; +EXTERN ALGORITHM_VECTOR g_toTest; + +/* 5.9.10.3 g_rcIndex[] */ +/* This array is used to contain the array of values that are added to a return code when it is a + parameter-, handle-, or session-related error. This is an implementation choice and the same + result can be achieved by using a macro. */ +#define g_rcIndexInitializer { TPM_RC_1, TPM_RC_2, TPM_RC_3, TPM_RC_4, \ + TPM_RC_5, TPM_RC_6, TPM_RC_7, TPM_RC_8, \ + TPM_RC_9, TPM_RC_A, TPM_RC_B, TPM_RC_C, \ + TPM_RC_D, TPM_RC_E, TPM_RC_F } +EXTERN const UINT16 g_rcIndex[15] INITIALIZER(g_rcIndexInitializer); + +/* 5.9.10.4 g_exclusiveAuditSession */ +/* This location holds the session handle for the current exclusive audit session. If there is no + exclusive audit session, the location is set to TPM_RH_UNASSIGNED. */ +EXTERN TPM_HANDLE g_exclusiveAuditSession; + +/* 5.9.10.5 g_time */ +/* This is the value in which we keep the current command time. This is initialized at the start of + each command. The time is the accumulated time since the last time that the TPM's timer was last + powered up. Clock is the accumulated time since the last time that the TPM was cleared. g_time is + in mS. */ +EXTERN UINT64 g_time; + +/* 5.9.10.6 g_timeEpoch */ +/* This value contains the current clock Epoch. It changes when there is a clock discontinuity. It + may be necessary to place this in NV should the timer be able to run across a power down of the + TPM but not in all cases (e.g. dead battery). If the nonce is placed in NV, it should go in gp + because it should be changing slowly. */ +#if CLOCK_STOPS +EXTERN CLOCK_NONCE g_timeEpoch; +#else +#define g_timeEpoch gp.timeEpoch +#endif + +/* 5.9.10.7 g_phEnable */ +/* This is the platform hierarchy control and determines if the platform hierarchy is + available. This value is SET on each TPM2_Startup(). The default value is SET. */ +EXTERN BOOL g_phEnable; + +/* 5.9.10.8 g_pcrReConfig */ +/* This value is SET if a TPM2_PCR_Allocate() command successfully executed since the last + TPM2_Startup(). If so, then the next shutdown is required to be Shutdown(CLEAR). */ +EXTERN BOOL g_pcrReConfig; + +/* 5.9.10.9 g_DRTMHandle */ +/* This location indicates the sequence object handle that holds the DRTM sequence data. When not + used, it is set to TPM_RH_UNASSIGNED. A sequence DRTM sequence is started on either _TPM_Init() + or _TPM_Hash_Start(). */ +EXTERN TPMI_DH_OBJECT g_DRTMHandle; + +/* 5.9.10.10 g_DrtmPreStartup */ +/* This value indicates that an H-CRTM occurred after _TPM_Init() but before TPM2_Startup(). The + define for PRE_STARTUP_FLAG is used to add the g_DrtmPreStartup value to gp_orderlyState at + shutdown. This hack is to avoid adding another NV variable. */ +EXTERN BOOL g_DrtmPreStartup; + +/* 5.9.10.11 g_StartupLocality3 */ +/* This value indicates that a TPM2_Startup() occurred at locality 3. Otherwise, it at locality + 0. The define for STARTUP_LOCALITY_3 is to indicate that the startup was not at locality 0. This + hack is to avoid adding another NV variable. */ +EXTERN BOOL g_StartupLocality3; + +/* 5.9.10.12 TPM_SU_NONE */ +/* Part 2 defines the two shutdown/startup types that may be used in TPM2_Shutdown() and + TPM2_Starup(). This additional define is used by the TPM to indicate that no shutdown was + received. */ +/* NOTE: This is a reserved value. */ +#define SU_NONE_VALUE (0xFFFF) +#define TPM_SU_NONE (TPM_SU)(SU_NONE_VALUE) + +/* 5.9.10.13 TPM_SU_DA_USED */ +/* As with TPM_SU_NONE, this value is added to allow indication that the shutdown was not orderly + and that a DA=protected object was reference during the previous cycle. */ +#define SU_DA_USED_VALUE (SU_NONE_VALUE - 1) +#define TPM_SU_DA_USED (TPM_SU)(SU_DA_USED_VALUE) + +/* 5.9.10.14 Startup Flags */ +/* These flags are included in gp.orderlyState. These are hacks and are being used to avoid having + to change the layout of gp. The PRE_STARTUP_FLAG indicates that a + _TPM_Hash_Start()/_Data()/_End() sequence was received after _TPM_Init() but before + TPM2_StartUp(). STARTUP_LOCALITY_3 indicates that the last TPM2_Startup() was received at + locality 3. These flags are only relevant if after a TPM2_Shutdown(STATE). */ +#define PRE_STARTUP_FLAG 0x8000 +#define STARTUP_LOCALITY_3 0x4000 +#define TPM_SU_STATE_MASK ~(PRE_STARTUP_FLAG | STARTUP_LOCALITY_3) // libtpms added +#if USE_DA_USED + +/* 5.9.10.15 g_daUsed */ +/* This location indicates if a DA-protected value is accessed during a boot cycle. If none has, + then there is no need to increment failedTries on the next non-orderly startup. This bit is + merged with gp.orderlyState when gp.orderly is set to SU_NONE_VALUE */ + +/* This global is set to FALSE on startup (after a decision has been made on whether to increment + the failedTries or not). On a first attempt to access a DA protected object: this global is set + to 1, the orderlyState is set to SU_DA_USED, committed to NV and the command execution returns + with RC_RETRY (without exposing any information on the DA attempt). */ +EXTERN BOOL g_daUsed; +#endif + +/* 5.9.10.16 g_updateNV */ +/* This flag indicates if NV should be updated at the end of a command. This flag is set to UT_NONE + at the beginning of each command in ExecuteCommand(). This flag is checked in ExecuteCommand() + after the detailed actions of a command complete. If the command execution was successful and + this flag is not UT_NONE, any pending NV writes will be committed to NV. UT_ORDERLY causes any + RAM data to be written to the orderly space for staging the write to NV. */ +typedef BYTE UPDATE_TYPE; +#define UT_NONE (UPDATE_TYPE)0 +#define UT_NV (UPDATE_TYPE)1 +#define UT_ORDERLY (UPDATE_TYPE)(UT_NV + 2) +EXTERN UPDATE_TYPE g_updateNV; +/* 5.9.10.17 g_powerWasLost */ +/* This flag is used to indicate if the power was lost. It is SET in _TPM__Init(). This flag is + cleared by TPM2_Startup() after all power-lost activities are completed. */ +/* NOTE: When power is applied, this value can come up as anything. However, _plat__WasPowerLost() + will provide the proper indication in that case. So, when power is actually lost, we get the + correct answer. When power was not lost, but the power-lost processing has not been completed + before the next _TPM_Init(), then the TPM still does the correct thing. */ +EXTERN BOOL g_powerWasLost; + +/* 5.9.10.18 g_clearOrderly */ +/* This flag indicates if the execution of a command should cause the orderly state to be cleared. + This flag is set to FALSE at the beginning of each command in ExecuteCommand() and is checked in + ExecuteCommand() after the detailed actions of a command complete but before the check of + g_updateNV. If this flag is TRUE, and the orderly state is not SU_NONE_VALUE, then the orderly + state in NV memory will be changed to SU_NONE_VALUE or SU_DA_USED_VALUE. */ +EXTERN BOOL g_clearOrderly; + +/* 5.9.10.19 g_prevOrderlyState */ +/* This location indicates how the TPM was shut down before the most recent TPM2_Startup(). This + value, along with the startup type, determines if the TPM should do a TPM Reset, TPM Restart, or + TPM Resume. */ +EXTERN TPM_SU g_prevOrderlyState; + +/* 5.9.10.20 g_nvOk */ +/* This value indicates if the NV integrity check was successful or not. If not and the failure was + severe, then the TPM would have been put into failure mode after it had been re-manufactured. If + the NV failure was in the area where the state-save data is kept, then this variable will have a + value of FALSE indicating that a TPM2_Startup(CLEAR) is required. */ +EXTERN BOOL g_nvOk; + +/* NV availability is sampled as the start of each command and stored here so that its value remains + consistent during the command execution */ +EXTERN TPM_RC g_NvStatus; + +/* 5.9.10.21 g_platformUnique */ +/* This location contains the unique value(s) used to identify the TPM. It is loaded on every + _TPM2_Startup() The first value is used to seed the RNG. The second value is used as a vendor + authValue. The value used by the RNG would be the value derived from the chip unique value (such + as fused) with a dependency on the authorities of the code in the TPM boot path. The second would + be derived from the chip unique value with a dependency on the details of the code in the boot + path. That is, the first value depends on the various signers of the code and the second depends + on what was signed. The TPM vendor should not be able to know the first value but they are + expected to know the second. */ +EXTERN TPM2B_AUTH g_platformUniqueAuthorities; // Reserved for RNG +EXTERN TPM2B_AUTH g_platformUniqueDetails; // referenced by VENDOR_PERMANENT + +//********************************************************************************* +//********************************************************************************* +//** Persistent Global Values +//********************************************************************************* +//********************************************************************************* +//*** Description +// The values in this section are global values that are persistent across power +// events. The lifetime of the values determines the structure in which the value +// is placed. + +/* 5.9.11.2 PERSISTENT_DATA */ +/* This structure holds the persistent values that only change as a consequence of a specific + Protected Capability and are not affected by TPM power events (TPM2_Startup() or + TPM2_Shutdown(). */ +typedef struct +{ + //********************************************************************************* + // Hierarchy + //********************************************************************************* + // The values in this section are related to the hierarchies. + BOOL disableClear; // TRUE if TPM2_Clear() using + // lockoutAuth is disabled + // Hierarchy authPolicies + TPMI_ALG_HASH ownerAlg; + TPMI_ALG_HASH endorsementAlg; + TPMI_ALG_HASH lockoutAlg; + TPM2B_DIGEST ownerPolicy; + TPM2B_DIGEST endorsementPolicy; + TPM2B_DIGEST lockoutPolicy; + // Hierarchy authValues + TPM2B_AUTH ownerAuth; + TPM2B_AUTH endorsementAuth; + TPM2B_AUTH lockoutAuth; + // Primary Seeds + TPM2B_SEED EPSeed; + TPM2B_SEED SPSeed; + TPM2B_SEED PPSeed; + // SEED_COMPAT_LEVELs related to creation time of seeds + SEED_COMPAT_LEVEL EPSeedCompatLevel; // libtpms added begin + SEED_COMPAT_LEVEL SPSeedCompatLevel; + SEED_COMPAT_LEVEL PPSeedCompatLevel; // libtpms added end + // Note there is a nullSeed in the state_reset memory. + // Hierarchy proofs + TPM2B_PROOF phProof; + TPM2B_PROOF shProof; + TPM2B_PROOF ehProof; + // Note there is a nullProof in the state_reset memory. + //********************************************************************************* + // Reset Events + //********************************************************************************* + // A count that increments at each TPM reset and never get reset during the life + // time of TPM. The value of this counter is initialized to 1 during TPM + // manufacture process. It is used to invalidate all saved contexts after a TPM + // Reset. + UINT64 totalResetCount; + // This counter increments on each TPM Reset. The counter is reset by + // TPM2_Clear(). + UINT32 resetCount; + //********************************************************************************* + // PCR + //********************************************************************************* + // This structure hold the policies for those PCR that have an update policy. + // This implementation only supports a single group of PCR controlled by + // policy. If more are required, then this structure would be changed to + // an array. +#if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0 + PCR_POLICY pcrPolicies; +#endif + // This structure indicates the allocation of PCR. The structure contains a + // list of PCR allocations for each implemented algorithm. If no PCR are + // allocated for an algorithm, a list entry still exists but the bit map + // will contain no SET bits. + TPML_PCR_SELECTION pcrAllocated; + //********************************************************************************* + // Physical Presence + //********************************************************************************* + // The PP_LIST type contains a bit map of the commands that require physical + // to be asserted when the authorization is evaluated. Physical presence will be + // checked if the corresponding bit in the array is SET and if the authorization + // handle is TPM_RH_PLATFORM. + // + // These bits may be changed with TPM2_PP_Commands(). + BYTE ppList[(COMMAND_COUNT + 7) / 8]; + //********************************************************************************* + // Dictionary attack values + //********************************************************************************* + // These values are used for dictionary attack tracking and control. + UINT32 failedTries; // the current count of unexpired + // authorization failures + UINT32 maxTries; // number of unexpired authorization + // failures before the TPM is in + // lockout + UINT32 recoveryTime; // time between authorization failures + // before failedTries is decremented + UINT32 lockoutRecovery; // time that must expire between + // authorization failures associated + // with lockoutAuth + BOOL lockOutAuthEnabled; // TRUE if use of lockoutAuth is + // allowed + //***************************************************************************** + // Orderly State + //***************************************************************************** + // The orderly state for current cycle + TPM_SU orderlyState; + //***************************************************************************** + // Command audit values. + //***************************************************************************** + BYTE auditCommands[((COMMAND_COUNT + 1) + 7) / 8]; + TPMI_ALG_HASH auditHashAlg; + UINT64 auditCounter; + //***************************************************************************** + // Algorithm selection + //***************************************************************************** + // + // The 'algorithmSet' value indicates the collection of algorithms that are + // currently in used on the TPM. The interpretation of value is vendor dependent. + UINT32 algorithmSet; + //***************************************************************************** + // Firmware version + //***************************************************************************** + // The firmwareV1 and firmwareV2 values are instanced in TimeStamp.c. This is + // a scheme used in development to allow determination of the linker build time + // of the TPM. An actual implementation would implement these values in a way that + // is consistent with vendor needs. The values are maintained in RAM for simplified + // access with a master version in NV. These values are modified in a + // vendor-specific way. + // g_firmwareV1 contains the more significant 32-bits of the vendor version number. + // In the reference implementation, if this value is printed as a hex + // value, it will have the format of YYYYMMDD + UINT32 firmwareV1; + // g_firmwareV1 contains the less significant 32-bits of the vendor version number. + // In the reference implementation, if this value is printed as a hex + // value, it will have the format of 00 HH MM SS + UINT32 firmwareV2; + //***************************************************************************** + // Timer Epoch + //***************************************************************************** + // timeEpoch contains a nonce that has a vendor=specific size (should not be + // less than 8 bytes. This nonce changes when the clock epoch changes. The clock + // epoch changes when there is a discontinuity in the timing of the TPM. +#if !CLOCK_STOPS + CLOCK_NONCE timeEpoch; +#endif +} PERSISTENT_DATA; +EXTERN PERSISTENT_DATA gp; + +/* 5.9.11.3 ORDERLY_DATA */ +/* The data in this structure is saved to NV on each TPM2_Shutdown(). */ +typedef struct orderly_data +{ + //***************************************************************************** + // TIME + //***************************************************************************** + // Clock has two parts. One is the state save part and one is the NV part. The + // state save version is updated on each command. When the clock rolls over, the + // NV version is updated. When the TPM starts up, if the TPM was shutdown in and + // orderly way, then the sClock value is used to initialize the clock. If the + // TPM shutdown was not orderly, then the persistent value is used and the safe + // attribute is clear. + UINT64 clock; // The orderly version of clock + TPMI_YES_NO clockSafe; // Indicates if the clock value is + // safe. + // In many implementations, the quality of the entropy available is not that + // high. To compensate, the current value of the drbgState can be saved and + // restored on each power cycle. This prevents the internal state from reverting + // to the initial state on each power cycle and starting with a limited amount + // of entropy. By keeping the old state and adding entropy, the entropy will + // accumulate. + DRBG_STATE drbgState; + // These values allow the accumulation of self-healing time across orderly shutdown + // of the TPM. +#if ACCUMULATE_SELF_HEAL_TIMER + UINT64 selfHealTimer; // current value of s_selfHealTimer + UINT64 lockoutTimer; // current value of s_lockoutTimer + UINT64 time; // current value of g_time at shutdown +#endif // ACCUMULATE_SELF_HEAL_TIMER + +#ifndef __ACT_DISABLED // libtpms added +#error ACT not supported in ORDERLY_DATA! + // These are the ACT Timeout values. They are saved with the other timers +#define DefineActData(N) ACT_STATE ACT_##N; + FOR_EACH_ACT(DefineActData) + + // this is the 'signaled' attribute data for all the ACT. It is done this way so + // that they can be manipulated by ACT number rather than having to access a + // structure. + UINT16 signaledACT; + UINT16 preservedSignaled; +#endif // libtpms added +} ORDERLY_DATA; +#if ACCUMULATE_SELF_HEAL_TIMER +#define s_selfHealTimer go.selfHealTimer +#define s_lockoutTimer go.lockoutTimer +#endif // ACCUMULATE_SELF_HEAL_TIMER +# define drbgDefault go.drbgState +EXTERN ORDERLY_DATA go; + +/* 5.9.11.4 STATE_CLEAR_DATA */ +/* This structure contains the data that is saved on Shutdown(STATE). and restored on + Startup(STATE). The values are set to their default settings on any Startup(Clear). In other + words the data is only persistent across TPM Resume. */ +/* If the comments associated with a parameter indicate a default reset value, the value is applied + on each Startup(CLEAR). */ +typedef struct state_clear_data +{ + //***************************************************************************** + // Hierarchy Control + //***************************************************************************** + BOOL shEnable; // default reset is SET + BOOL ehEnable; // default reset is SET + BOOL phEnableNV; // default reset is SET + TPMI_ALG_HASH platformAlg; // default reset is TPM_ALG_NULL + TPM2B_DIGEST platformPolicy; // default reset is an Empty Buffer + TPM2B_AUTH platformAuth; // default reset is an Empty Buffer + //***************************************************************************** + // PCR + //***************************************************************************** + // The set of PCR to be saved on Shutdown(STATE) + PCR_SAVE pcrSave; // default reset is 0...0 + // This structure hold the authorization values for those PCR that have an + // update authorization. + // This implementation only supports a single group of PCR controlled by + // authorization. If more are required, then this structure would be changed to + // an array. + PCR_AUTHVALUE pcrAuthValues; + +#ifndef __ACT_DISABLED // libtpms added + //***************************************************************************** + // ACT + //***************************************************************************** +#define DefineActPolicySpace(N) TPMT_HA act_##N; + FOR_EACH_ACT(DefineActPolicySpace) + +#endif // libtpms added +} STATE_CLEAR_DATA; +EXTERN STATE_CLEAR_DATA gc; + +/* 5.9.11.5 State Reset Data */ +/* This structure contains data is that is saved on Shutdown(STATE) and restored on the subsequent + Startup(ANY). That is, the data is preserved across TPM Resume and TPM Restart. */ +/* If a default value is specified in the comments this value is applied on TPM Reset. */ +typedef struct state_reset_data +{ + //***************************************************************************** + // Hierarchy Control + //***************************************************************************** + TPM2B_PROOF nullProof; // The proof value associated with + // the TPM_RH_NULL hierarchy. The + // default reset value is from the RNG. + TPM2B_SEED nullSeed; // The seed value for the TPM_RN_NULL + SEED_COMPAT_LEVEL nullSeedCompatLevel; // libtpms added + // hierarchy. The default reset value + // is from the RNG. + //***************************************************************************** + // Context + //***************************************************************************** + // The 'clearCount' counter is incremented each time the TPM successfully executes + // a TPM Resume. The counter is included in each saved context that has 'stClear' + // SET (including descendants of keys that have 'stClear' SET). This prevents these + // objects from being loaded after a TPM Resume. + // If 'clearCount' is at its maximum value when the TPM receives a Shutdown(STATE), + // the TPM will return TPM_RC_RANGE and the TPM will only accept Shutdown(CLEAR). + UINT32 clearCount; // The default reset value is 0. + UINT64 objectContextID; // This is the context ID for a saved + // object context. The default reset + // value is 0. + CONTEXT_SLOT contextArray[MAX_ACTIVE_SESSIONS]; // This array contains + // contains the values used to track + // the version numbers of saved + // contexts (see + // Session.c in for details). The + // default reset value is {0}. + CONTEXT_COUNTER contextCounter; // This is the value from which the + // 'contextID' is derived. The + // default reset value is {0}. + //***************************************************************************** + // Command Audit + //***************************************************************************** + // When an audited command completes, ExecuteCommand() checks the return + // value. If it is TPM_RC_SUCCESS, and the command is an audited command, the + // TPM will extend the cpHash and rpHash for the command to this value. If this + // digest was the Zero Digest before the cpHash was extended, the audit counter + // is incremented. + TPM2B_DIGEST commandAuditDigest; // This value is set to an Empty Digest + // by TPM2_GetCommandAuditDigest() or a + // TPM Reset. + //***************************************************************************** + // Boot counter + //***************************************************************************** + UINT32 restartCount; // This counter counts TPM Restarts. + // The default reset value is 0. + //********************************************************************************* + // PCR + //********************************************************************************* + // This counter increments whenever the PCR are updated. This counter is preserved + // across TPM Resume even though the PCR are not preserved. This is because + // sessions remain active across TPM Restart and the count value in the session + // is compared to this counter so this counter must have values that are unique + // as long as the sessions are active. + // NOTE: A platform-specific specification may designate that certain PCR changes + // do not increment this counter to increment. + UINT32 pcrCounter; // The default reset value is 0. +#if ALG_ECC + //***************************************************************************** + // ECDAA + //***************************************************************************** + UINT64 commitCounter; // This counter increments each time + // TPM2_Commit() returns + // TPM_RC_SUCCESS. The default reset + // value is 0. + TPM2B_NONCE commitNonce; // This random value is used to compute + // the commit values. The default reset + // value is from the RNG. + // This implementation relies on the number of bits in g_commitArray being a + // power of 2 (8, 16, 32, 64, etc.) and no greater than 64K. + BYTE commitArray[16]; // The default reset value is {0}. +#endif // ALG_ECC +} STATE_RESET_DATA; +EXTERN STATE_RESET_DATA gr; + + // libtpms added begin +/* The s_ContextSlotMask masks CONTEXT_SLOT values; this variable can have + * only two valid values, 0xff or 0xffff. The former is used to simulate + * a CONTEXT_SLOT defined as UINT8, the latter is used for the CONTEXT_SLOT + * when it is a UINT16. The original TPM 2 code uses a cast to CONTEXT_SLOT + * to truncate larger values and has been modified to use CONTEXT_SLOT_MASKED + * to achieve the same effect with the above two values. + * + * Using CONTEXT_SLOT_MASKED we make sure that when we write values into + * gr.contextArray that these values are properly masked/truncated so that + * when we read values from gr.contextArray that we don't have to mask + * them again. + * + * s_ContextSlotMask may only be initialized to 0xff when resuming an older + * state from the time when CONTEXT_SLOT was UINT8, otherwise it must be set + * to 0xffff. We set it to 0xffff in SessionStartup(SU_CLEAR) and to be + * able to save the TPM state really early (and restore it) also in + * TPM_Manufacture(). + */ +EXTERN CONTEXT_SLOT s_ContextSlotMask; +#define CONTEXT_SLOT_MASKED(val) ((CONTEXT_SLOT)(val) & s_ContextSlotMask) // libtpms added end + +/* 5.9.12 NV Layout */ +/* The NV data organization is */ +/* a) a PERSISTENT_DATA structure */ +/* b) a STATE_RESET_DATA structure */ +/* c) a STATE_CLEAR_DATA structure */ +/* d) an ORDERLY_DATA structure */ +/* e) the user defined NV index space */ + +/* libtpms added: to put certain data structure at fixed offsets + * to give the ones below some room to expand + */ +#define NV_PERSISTENT_DATA (0) +#define NV_STATE_RESET_DATA (NV_PERSISTENT_DATA + sizeof(PERSISTENT_DATA)) +#define NV_STATE_CLEAR_DATA (NV_STATE_RESET_DATA + sizeof(STATE_RESET_DATA)) +#define NV_ORDERLY_DATA (NV_STATE_CLEAR_DATA + sizeof(STATE_CLEAR_DATA)) +#define NV_INDEX_RAM_DATA TPM2_ROUNDUP(NV_ORDERLY_DATA + sizeof(ORDERLY_DATA),\ + 1024) /* libtpms added */ +#define NV_USER_DYNAMIC (NV_INDEX_RAM_DATA + sizeof(s_indexOrderlyRam)) +#define NV_USER_DYNAMIC_END NV_MEMORY_SIZE + +/* 5.9.13 Global Macro Definitions */ +/* The NV_READ_PERSISTENT and NV_WRITE_PERSISTENT macros are used to access members of the + PERSISTENT_DATA structure in NV. */ +#define NV_READ_PERSISTENT(to, from) \ + NvRead(&to, offsetof(PERSISTENT_DATA, from), sizeof(to)) +#define NV_WRITE_PERSISTENT(to, from) \ + NvWrite(offsetof(PERSISTENT_DATA, to), sizeof(gp.to), &from) +#define CLEAR_PERSISTENT(item) \ + NvClearPersistent(offsetof(PERSISTENT_DATA, item), sizeof(gp.item)) +#define NV_SYNC_PERSISTENT(item) NV_WRITE_PERSISTENT(item, gp.item) + +/* At the start of command processing, the index of the command is determined. This index value is + used to access the various data tables that contain per-command information. There are multiple + options for how the per-command tables can be implemented. This is resolved in + GetClosestCommandIndex(). */ +typedef UINT16 COMMAND_INDEX; +#define UNIMPLEMENTED_COMMAND_INDEX ((COMMAND_INDEX)(~0)) +#if 0 /* libtpms added */ +typedef struct _COMMAND_FLAGS_ +{ +#if LITTLE_ENDIAN_TPM == YES /* libtpms added */ + unsigned trialPolicy : 1; //1) If SET, one of the handles references a + // trial policy and authorization may be + // skipped. This is only allowed for a policy + // command. + unsigned reserved : 31; //2-31) /* libtpms added begin */ +#endif +#if BIG_ENDIAN_TPM == YES + unsigned reserved : 31; //2-31) + unsigned trialPolicy : 1; //1) If SET, one of the handles references a +#endif /* libtpms added end */ +} COMMAND_FLAGS; +#endif /* libtpms added */ + +/* This structure is used to avoid having to manage a large number of parameters being passed + through various levels of the command input processing. + + The following macros are used to define the space for the CP and RP hashes. Space is provided + for each implemented hash algorithm because it is not known what the caller may use. +*/ + +#define CP_HASH(HASH, Hash) TPM2B_##HASH##_DIGEST Hash##CpHash; +#define RP_HASH(HASH, Hash) TPM2B_##HASH##_DIGEST Hash##RpHash; + +typedef struct _COMMAND_ +{ + TPM_ST tag; // the parsed command tag + TPM_CC code; // the parsed command code + COMMAND_INDEX index; // the computed command index + UINT32 handleNum; // the number of entity handles in the + // handle area of the command + TPM_HANDLE handles[MAX_HANDLE_NUM]; // the parsed handle values + UINT32 sessionNum; // the number of sessions found + INT32 parameterSize; // starts out with the parsed command size + // and is reduced and values are unmarshaled. Just before calling the command actions, this + // should be zero. After the command actions, this number should grow as values are marshaled + // in to the response buffer. + INT32 authSize; // this is initialized with the parsed size + // of authorizationSize field and should be zero when the authorizations are parsed. + BYTE *parameterBuffer; // input to ExecuteCommand + BYTE *responseBuffer; // input to ExecuteCommand + FOR_EACH_HASH(CP_HASH) // space for the CP hashes + FOR_EACH_HASH(RP_HASH) // space for the RP hashes +} COMMAND; + +// Global string constants for consistency in KDF function calls. These string constants are shared +// across functions to make sure that they are all using consistent string values. +#define STRING_INITIALIZER(value) {{sizeof(value), {value}}} +#define TPM2B_STRING(name, value) \ + typedef union name##_ { \ + struct { \ + UINT16 size; \ + BYTE buffer[sizeof(value)]; \ + } t; \ + TPM2B b; \ + } TPM2B_##name##_; \ + EXTERN const TPM2B_##name##_ name##_ INITIALIZER(STRING_INITIALIZER(value)); \ + EXTERN const TPM2B *name INITIALIZER(&name##_.b) +TPM2B_STRING(PRIMARY_OBJECT_CREATION, "Primary Object Creation"); +TPM2B_STRING(CFB_KEY, "CFB"); +TPM2B_STRING(CONTEXT_KEY, "CONTEXT"); +TPM2B_STRING(INTEGRITY_KEY, "INTEGRITY"); +TPM2B_STRING(SECRET_KEY, "SECRET"); +TPM2B_STRING(SESSION_KEY, "ATH"); +TPM2B_STRING(STORAGE_KEY, "STORAGE"); +TPM2B_STRING(XOR_KEY, "XOR"); +TPM2B_STRING(COMMIT_STRING, "ECDAA Commit"); +TPM2B_STRING(DUPLICATE_STRING, "DUPLICATE"); +TPM2B_STRING(IDENTITY_STRING, "IDENTITY"); +TPM2B_STRING(OBFUSCATE_STRING, "OBFUSCATE"); +#if SELF_TEST +TPM2B_STRING(OAEP_TEST_STRING, "OAEP Test Value"); +#endif // SELF_TEST + +// 5.9.14 From CryptTest.c +// This structure contains the self-test state values for the cryptographic modules. +EXTERN CRYPTO_SELF_TEST_STATE g_cryptoSelfTestState; + +/* 5.9.15 From Manufacture.c */ +EXTERN BOOL g_manufactured; +/* This value indicates if a TPM2_Startup() commands has been receive since the power on event. + This flag is maintained in power simulation module because this is the only place that may + reliably set this flag to FALSE. */ +EXTERN BOOL g_initialized; + +/* 5.9.16 Private data */ +#if defined SESSION_PROCESS_C || defined GLOBAL_C || defined MANUFACTURE_C +/* From SessionProcess.c */ +/* The following arrays are used to save command sessions information so that the command + handle/session buffer does not have to be preserved for the duration of the command. These arrays + are indexed by the session index in accordance with the order of sessions in the session area of + the command. */ + +/* Array of the authorization session handles */ +EXTERN TPM_HANDLE s_sessionHandles[MAX_SESSION_NUM]; + +/* Array of authorization session attributes */ +EXTERN TPMA_SESSION s_attributes[MAX_SESSION_NUM]; + +/* Array of handles authorized by the corresponding authorization sessions; and if none, then + TPM_RH_UNASSIGNED value is used */ + +EXTERN TPM_HANDLE s_associatedHandles[MAX_SESSION_NUM]; + +/* Array of nonces provided by the caller for the corresponding sessions */ +EXTERN TPM2B_NONCE s_nonceCaller[MAX_SESSION_NUM]; + +/* Array of authorization values (HMAC's or passwords) for the corresponding sessions */ +EXTERN TPM2B_AUTH s_inputAuthValues[MAX_SESSION_NUM]; + +/* Array of pointers to the SESSION structures for the sessions in a command */ +EXTERN SESSION *s_usedSessions[MAX_SESSION_NUM]; + +/* Special value to indicate an undefined session index */ +#define UNDEFINED_INDEX (0xFFFF) +/* Index of the session used for encryption of a response parameter */ +EXTERN UINT32 s_encryptSessionIndex; + +/* Index of the session used for decryption of a command parameter */ +EXTERN UINT32 s_decryptSessionIndex; + +/* Index of a session used for audit */ +EXTERN UINT32 s_auditSessionIndex; + +/* The cpHash for command audit */ +#if CC_GetCommandAuditDigest +EXTERN TPM2B_DIGEST s_cpHashForCommandAudit; +#endif + +/* Flag indicating if NV update is pending for the lockOutAuthEnabled or failedTries DA parameter */ +EXTERN BOOL s_DAPendingOnNV; + +#endif // SESSION_PROCESS_C + +/* 5.9.16.2 From DA.c */ +#if defined DA_C || defined GLOBAL_C || defined MANUFACTURE_C + +/* From DA.c */ +/* This variable holds the accumulated time since the last time that failedTries was + decremented. This value is in millisecond. */ + +#if !ACCUMULATE_SELF_HEAL_TIMER +EXTERN UINT64 s_selfHealTimer; + +/* This variable holds the accumulated time that the lockoutAuth has been blocked. */ +EXTERN UINT64 s_lockoutTimer; + +#endif // ACCUMULATE_SELF_HEAL_TIMER +#endif // DA_C + +/* 5.9.16.3 From NV.c */ + +#if defined NV_C || defined GLOBAL_C + +/* From NV.c */ +/* This marks the end of the NV area. This is a run-time variable as it might not be compile-time + constant. */ +EXTERN NV_REF s_evictNvEnd; + +/* This space is used to hold the index data for an orderly Index. It also contains the attributes + for the index. */ +EXTERN BYTE s_indexOrderlyRam[RAM_INDEX_SPACE]; // The orderly NV Index data + +/* This value contains the current max counter value. It is written to the end of allocatable NV + space each time an index is deleted or added. This value is initialized on Startup. The indices + are searched and the maximum of all the current counter indices and this value is the initial + value for this. */ +EXTERN UINT64 s_maxCounter; + +/* This is space used for the NV Index cache. As with a persistent object, the contents of a + referenced index are copied into the cache so that the NV Index memory scanning and data copying + can be reduced. Only code that operates on NV Index data should use this cache directly. When + that action code runs, s_lastNvIndex will contain the index header information. It will have been + loaded when the handles were verified. */ +/* NOTE: An NV index handle can appear in many commands that do not operate on the NV data + (e.g. TPM2_StartAuthSession()). However, only one NV Index at a time is ever directly referenced + by any command. If that changes, then the NV Index caching needs to be changed to accommodate + that. Currently, the code will verify that only one NV Index is referenced by the handles of the + command. */ + +EXTERN NV_INDEX s_cachedNvIndex; +EXTERN NV_REF s_cachedNvRef; +EXTERN BYTE *s_cachedNvRamRef; + +/* Initial NV Index/evict object iterator value */ +#define NV_REF_INIT (NV_REF)0xFFFFFFFF +#endif + +/* 5.9.16.4 From Object.c */ +#if defined OBJECT_C || defined GLOBAL_C + +/* This type is the container for an object. */ + +EXTERN OBJECT s_objects[MAX_LOADED_OBJECTS]; +#endif // OBJECT_C + +/* 5.9.17.5 From PCR.c */ + +#if defined PCR_C || defined GLOBAL_C + +/* The following macro is used to define the per-implemented-hash space. This implementation + reserves space for all implemented hashes. */ + +#define PCR_ALL_HASH(HASH, Hash) BYTE Hash##Pcr[HASH##_DIGEST_SIZE]; + +typedef struct +{ + FOR_EACH_HASH(PCR_ALL_HASH) +} PCR; + +typedef struct +{ + unsigned int stateSave : 1; // if the PCR value should be + // saved in state save + unsigned int resetLocality : 5; // The locality that the PCR + // can be reset + unsigned int extendLocality : 5; // The locality that the PCR + // can be extend +} PCR_Attributes; +EXTERN PCR s_pcrs[IMPLEMENTATION_PCR]; +#endif // PCR_C + +/* 5.9.16.6 From Session.c */ + +#if defined SESSION_C || defined GLOBAL_C + +/* Container for HMAC or policy session tracking information */ +typedef struct +{ + BOOL occupied; + SESSION session; // session structure +} SESSION_SLOT; +EXTERN SESSION_SLOT s_sessions[MAX_LOADED_SESSIONS]; +/* The index in contextArray that has the value of the oldest saved session context. When no context + is saved, this will have a value that is greater than or equal to MAX_ACTIVE_SESSIONS. */ + +EXTERN UINT32 s_oldestSavedSession; +/* The number of available session slot openings. When this is 1, a session can't be created or + loaded if the GAP is maxed out. The exception is that the oldest saved session context can always + be loaded (assuming that there is a space in memory to put it) */ +EXTERN int s_freeSessionSlots; + +#endif // SESSION_C + +/* 5.9.16.7 From IoBuffers.c */ + +#if defined IO_BUFFER_C || defined GLOBAL_C + +/* The value of s_actionIoAllocation is the number of UINT64 values allocated. It is used to set the + pointer for the response structure. */ +EXTERN UINT64 s_actionIoBuffer[768]; // action I/O buffer +EXTERN UINT32 s_actionIoAllocation; // number of UIN64 allocated for the action input + // structure +#endif // MEMORY_LIB_C + +/* 5.9.16.8 From TPMFail.c */ + +/* This value holds the address of the string containing the name of the function in which the + failure occurred. This address value isn't useful for anything other than helping the vendor to + know in which file the failure occurred. */ +EXTERN BOOL g_inFailureMode; // Indicates that the TPM is in failure mode +#if SIMULATION +EXTERN BOOL g_forceFailureMode; // flag to force failure mode during test +#endif +typedef void(FailFunction)(const char *function, int line, int code); +#if defined TPM_FAIL_C || defined GLOBAL_C || 1 +EXTERN UINT32 s_failFunction; +EXTERN UINT32 s_failLine; // the line in the file at which +// the error was signaled +EXTERN UINT32 s_failCode; // the error code used +EXTERN FailFunction *LibFailCallback; +#endif // TPM_FAIL_C + +//***************************************************************************** +//*** From ACT_spt.c +//***************************************************************************** +// This value is used to indicate if an ACT has been updated since the last +// TPM2_Startup() (one bit for each ACT). If the ACT is not updated +// (TPM2_ACT_SetTimeout()) after a startup, then on each TPM2_Shutdown() the TPM will +// save 1/2 of the current timer value. This prevents an attack on the ACT by saving +// the counter and then running for a long period of time before doing a TPM Restart. +// A quick TPM2_Shutdown() after each +EXTERN UINT16 s_ActUpdated; + +/* 5.9.16.9 From CommandCodeAttributes.c */ + +extern const TPMA_CC s_ccAttr[]; +extern const COMMAND_ATTRIBUTES s_commandAttributes[]; + +#endif // GLOBAL_H |