/** @addtogroup MC_CONTAINER mcContainer - Containers for MobiCore Content Management.
 * @ingroup MC_DATA_TYPES
 * @{
 *
 * <!-- Copyright Giesecke & Devrient GmbH 2009-2012 -->
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior
 *    written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
#ifndef MC_CONTAINER_H_
#define MC_CONTAINER_H_

#include <stdint.h>

#include "mcRootid.h"
#include "mcSpid.h"
#include "mcUuid.h"
#include "mcSo.h"
#include "mcSuid.h"

/** Container format version described by this header. */
#define CONTAINER_VERSION_MAJOR   2
#define CONTAINER_VERSION_MINOR   0

/** Non-zero selects the MC_SO_SIZE_F21 variant of SO_CONT_HASH_AND_PAD_SIZE below. */
#define CONTAINER_FORMAT_SO21 1

/** Size in bytes of a symmetric key (see mcSymmetricKey_t). */
#define MC_CONT_SYMMETRIC_KEY_SIZE      32
/** Size in bytes of a public key buffer (see mcPublicKey_t). */
#define MC_CONT_PUBLIC_KEY_SIZE         320
/** Number of child slots in spChild_t and mcUuidChild_t. */
#define MC_CONT_CHILDREN_COUNT          16
/** Capacity in bytes of the payload of a data container (see mcCoDataCont_t). */
#define MC_DATA_CONT_MAX_DATA_SIZE      2048
/** Not used in this header; presumably the byte length of a trustlet code hash. */
#define MC_TLT_CODE_HASH_SIZE           32

/** Converts a byte count into a count of 32-bit words.
 * The division truncates: a byte count that is not a multiple of
 * sizeof(uint32_t) yields an array that is too small for the data. Both key
 * sizes passed to it in this header (32 and 320) are multiples of four.
 */
#define MC_BYTES_TO_WORDS(bytes)        ( (bytes) / sizeof(uint32_t) )
/** Enumerator value used as a dummy member to make an enum 32 bits wide. */
#define MC_ENUM_32BIT_SPACER            ((int32_t)-1)

/** Container version type. The container structures below declare their
 * version field as plain uint32_t rather than with this typedef. */
typedef uint32_t mcContVersion_t;

/** Personalization Data ID. */
typedef struct {
    uint32_t data;
} mcPid_t;

/** Symmetric key: MC_CONT_SYMMETRIC_KEY_SIZE bytes held as 32-bit words. */
typedef struct {
    uint32_t keydata[MC_BYTES_TO_WORDS(MC_CONT_SYMMETRIC_KEY_SIZE)];
} mcSymmetricKey_t;

/** Public key buffer: MC_CONT_PUBLIC_KEY_SIZE bytes held as 32-bit words. */
typedef struct {
    uint32_t keydata[MC_BYTES_TO_WORDS(MC_CONT_PUBLIC_KEY_SIZE)];
} mcPublicKey_t;

/** Fixed-size array of child service provider IDs (used by mcRootCont_t). */
typedef mcSpid_t spChild_t[MC_CONT_CHILDREN_COUNT];

/** Fixed-size array of child UUIDs (used by mcSpCont_t). */
typedef mcUuid_t mcUuidChild_t[MC_CONT_CHILDREN_COUNT];

/** Content management container states.
 */
typedef enum {
     /** Container state unregistered. */
     MC_CONT_STATE_UNREGISTERED = 0,
     /** Container is registered. */
     MC_CONT_STATE_REGISTERED = 1,
     /** Container is activated. */
     MC_CONT_STATE_ACTIVATED = 2,
     /** Container is locked by root. */
     MC_CONT_STATE_ROOT_LOCKED = 3,
     /** Container is locked by service provider. */
     MC_CONT_STATE_SP_LOCKED = 4,
     /** Container is locked by root and service provider. */
     MC_CONT_STATE_ROOT_SP_LOCKED = 5,
     /** Dummy: ensure that enum is 32 bits wide. */
     MC_CONT_ATTRIB_SPACER = MC_ENUM_32BIT_SPACER
} mcContainerState_t;

/** Content management container attributes.
 */
typedef struct {
    mcContainerState_t state;
} mcContainerAttribs_t;

/** Container types.
 * NOTE(review): unlike mcContainerState_t this enum has no 32-bit spacer, so
 * its width depends on the compiler and its enum-size options. It is the first
 * field of every container structure below, so all builds that exchange
 * containers must agree on sizeof(contType_t) - TODO confirm.
 */
typedef enum {
    /** SOC container. */
    CONT_TYPE_SOC = 0,
    /** Root container. */
    CONT_TYPE_ROOT,
    /** Service provider container. */
    CONT_TYPE_SP,
    /** Trustlet container. */
    CONT_TYPE_TLCON,
    /** Service provider data. */
    CONT_TYPE_SPDATA,
    /** Trustlet data. */
    CONT_TYPE_TLDATA
} contType_t;


/** @defgroup MC_CONTAINER_CRYPTO_OBJECTS Container secrets.
 * Data that is stored encrypted within the container.
 * NOTE(review): this header does not show where these objects are decrypted;
 * code that holds a decrypted copy should keep it out of logs and clear it
 * after use.
 * @{ */

/** SoC secret: symmetric key kSocAuth, the encrypted part of mcSocCont_t. */
typedef struct {
    mcSymmetricKey_t kSocAuth;
} mcCoSocCont_t;

/** Root secret: symmetric key kRootAuth, the encrypted part of mcRootCont_t. */
typedef struct {
    mcSymmetricKey_t kRootAuth;
} mcCoRootCont_t;

/** Service provider secret: symmetric key kSpAuth, the encrypted part of mcSpCont_t. */
typedef struct {
    mcSymmetricKey_t kSpAuth;
} mcCoSpCont_t;

/** Trustlet secret: symmetric key kTl, the encrypted part of mcTltCont_t. */
typedef struct {
    mcSymmetricKey_t kTl;
} mcCoTltCont_t;

/** Data container payload, the encrypted part of mcDataCont_t.
 * The buffer always has MC_DATA_CONT_MAX_DATA_SIZE bytes; neither this
 * structure nor mcDataCont_t records how many of them are in use.
 * NOTE(review): confirm where consumers take the used length from, and that
 * they bound it by MC_DATA_CONT_MAX_DATA_SIZE.
 */
typedef struct {
    uint8_t data[MC_DATA_CONT_MAX_DATA_SIZE];
} mcCoDataCont_t;

/** Identifier that is either a service provider ID (spid) or a UUID (uuid).
 * The union carries no tag, so the caller must know from context which member
 * is valid.
 */
typedef union {
    mcSpid_t spid;
    mcUuid_t uuid;
} mcCid_t;

/** @} */

/** @defgroup MC_CONTAINER_CONTAINER_OBJECTS Container definitions.
 * Container type definitions.
 * In every container the member co is declared last and is the part that the
 * secure object wrappers below treat as encrypted; the members before it form
 * the plain part.
 * @{ */

/** SoC Container */
typedef struct {
    contType_t type;
    uint32_t version;
    mcContainerAttribs_t attribs;
    mcSuid_t suid;
    // Secrets.
    mcCoSocCont_t co;
} mcSocCont_t;

/** Root container: SUID, root ID and the list of child service provider IDs,
 * followed by the root secret. */
typedef struct {
    contType_t type;
    uint32_t version;
    mcContainerAttribs_t attribs;
    mcSuid_t suid;
    mcRootid_t rootid;
    spChild_t children;
    // Secrets.
    mcCoRootCont_t co;
} mcRootCont_t;

/** Service provider container: own SPID and the list of child UUIDs, followed
 * by the service provider secret. */
typedef struct {
    contType_t type;
    uint32_t version;
    mcContainerAttribs_t attribs;
    mcSpid_t spid;
    mcUuidChild_t children;
    // Secrets.
    mcCoSpCont_t co;
} mcSpCont_t;

/** Trustlet container: SPID of the parent and the trustlet UUID, followed by
 * the trustlet secret. */
typedef struct {
    contType_t type;
    uint32_t version;
    mcContainerAttribs_t attribs;
    mcSpid_t parent;
    mcUuid_t uuid;
    // Secrets.
    mcCoTltCont_t co;
} mcTltCont_t;

/** Data container: UUID and personalization data ID, followed by the payload.
 * Unlike the other containers it has no attribs (state) field. */
typedef struct {
    contType_t type;
    uint32_t version;
    mcUuid_t uuid;
    mcPid_t pid;
    // Secrets.
    mcCoDataCont_t co;
} mcDataCont_t;

/** @} */

/** Calculates the total size of the secure object hash and padding for a given
 * container.
 * Both arguments are expanded more than once, so pass expressions without side
 * effects. MC_SO_SIZE_F21, MC_SO_SIZE and mcSoHeader_t are not defined in this
 * header (presumably they come from mcSo.h). The subtraction involves sizeof
 * and is therefore unsigned; NOTE(review): confirm the secure object size is
 * never smaller than header plus container, otherwise the result wraps.
 * @param contTotalSize Total size of the container (sum of plain and encrypted
 * parts).
 * @param contCoSize Size/length of the encrypted container part ("crypto
 * object").
 * @return Total size of hash and padding for given container.
 */
#if CONTAINER_FORMAT_SO21
    #define SO_CONT_HASH_AND_PAD_SIZE(contTotalSize, contCoSize) ( \
            MC_SO_SIZE_F21((contTotalSize) - (contCoSize), (contCoSize)) \
                - sizeof(mcSoHeader_t) \
                - (contTotalSize) )
#else
    #define SO_CONT_HASH_AND_PAD_SIZE(contTotalSize, contCoSize) ( \
            MC_SO_SIZE((contTotalSize) - (contCoSize), (contCoSize)) \
                - sizeof(mcSoHeader_t) \
                - (contTotalSize) )
#endif

/** @defgroup MC_CONTAINER_SECURE_OBJECTS Containers in secure objects.
 * Secure objects wrapping different containers.
 * Each wrapper is a secure object header, the container, and a hashAndPad
 * buffer sized at compile time by SO_CONT_HASH_AND_PAD_SIZE. The plain length
 * handed to that macro is sizeof(container) - sizeof(co); this matches the
 * real offset of co only if the compiler adds no padding after co - TODO
 * confirm against the member types from the included headers.
 * @{ */

/** Authentication token */
typedef struct {
    mcSoHeader_t soHeader;
    mcSocCont_t coSoc;
    uint8_t hashAndPad[SO_CONT_HASH_AND_PAD_SIZE(sizeof(mcSocCont_t), sizeof(mcCoSocCont_t))];
} mcSoAuthTokenCont_t;

/** Root container */
typedef struct {
    mcSoHeader_t soHeader;
    mcRootCont_t cont;
    uint8_t hashAndPad[SO_CONT_HASH_AND_PAD_SIZE(sizeof(mcRootCont_t), sizeof(mcCoRootCont_t))];
} mcSoRootCont_t;

/** Service provider container wrapped in a secure object. */
typedef struct {
    mcSoHeader_t soHeader;
    mcSpCont_t cont;
    uint8_t hashAndPad[SO_CONT_HASH_AND_PAD_SIZE(sizeof(mcSpCont_t), sizeof(mcCoSpCont_t))];
} mcSoSpCont_t;

/** Trustlet container wrapped in a secure object. */
typedef struct {
    mcSoHeader_t soHeader;
    mcTltCont_t cont;
    uint8_t hashAndPad[SO_CONT_HASH_AND_PAD_SIZE(sizeof(mcTltCont_t), sizeof(mcCoTltCont_t))];
} mcSoTltCont_t;

/** Data container wrapped in a secure object. */
typedef struct {
    mcSoHeader_t soHeader;
    mcDataCont_t cont;
    uint8_t hashAndPad[SO_CONT_HASH_AND_PAD_SIZE(sizeof(mcDataCont_t), sizeof(mcCoDataCont_t))];
} mcSoDataCont_t;

/** Bundles one wrapped root, service provider and trustlet container. */
typedef struct {
    mcSoRootCont_t soRoot;
    mcSoSpCont_t soSp;
    mcSoTltCont_t soTlt;
} mcSoContainerPath_t;

/** @} */

#endif // MC_CONTAINER_H_

/** @} */