1/*++ 2 3Copyright (c) 2005 - 2010, Intel Corporation. All rights reserved.<BR> 4This program and the accompanying materials 5are licensed and made available under the terms and conditions of the BSD License 6which accompanies this distribution. The full text of the license may be found at 7http://opensource.org/licenses/bsd-license.php 8 9THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 10WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 11 12Module Name: 13 14 Tpm12.h 15 16Abstract: 17 18 TPM Specification data structures (TCG TPM Specification Version 1.2 Revision 103) 19 20 See http://trustedcomputinggroup.org for latest specification updates 21 22--*/ 23 24#ifndef _TPM12_H_ 25#define _TPM12_H_ 26 27// 28// Structures are all packed on 1-byte alignment 29// 30 31#ifndef __GNUC__ 32#pragma pack (push) 33#pragma pack (1) 34#endif 35 36// 37// Part 2, section 2.2: Basic types & Helper redefinitions 38// 39typedef UINT8 TPM_AUTH_DATA_USAGE; 40typedef UINT8 TPM_PAYLOAD_TYPE; 41typedef UINT8 TPM_VERSION_BYTE; 42typedef UINT8 TPM_DA_STATE; 43typedef UINT16 TPM_TAG; 44typedef UINT16 TPM_PROTOCOL_ID; 45typedef UINT16 TPM_STARTUP_TYPE; 46typedef UINT16 TPM_ENC_SCHEME; 47typedef UINT16 TPM_SIG_SCHEME; 48typedef UINT16 TPM_MIGRATE_SCHEME; 49typedef UINT16 TPM_PHYSICAL_PRESENCE; 50typedef UINT16 TPM_ENTITY_TYPE; 51typedef UINT16 TPM_KEY_USAGE; 52typedef UINT16 TPM_EK_TYPE; 53typedef UINT16 TPM_STRUCTURE_TAG; 54typedef UINT16 TPM_PLATFORM_SPECIFIC; 55typedef UINT32 TPM_COMMAND_CODE; 56typedef UINT32 TPM_CAPABILITY_AREA; 57typedef UINT32 TPM_KEY_FLAGS; 58typedef UINT32 TPM_ALGORITHM_ID; 59typedef UINT32 TPM_MODIFIER_INDICATOR; 60typedef UINT32 TPM_ACTUAL_COUNT; 61typedef UINT32 TPM_TRANSPORT_ATTRIBUTES; 62typedef UINT32 TPM_AUTHHANDLE; 63typedef UINT32 TPM_DIRINDEX; 64typedef UINT32 TPM_KEY_HANDLE; 65typedef UINT32 TPM_PCRINDEX; 66typedef UINT32 TPM_RESULT; 67typedef UINT32 TPM_RESOURCE_TYPE; 68typedef UINT32 TPM_KEY_CONTROL; 69typedef UINT32 TPM_NV_INDEX; 70typedef UINT32 TPM_FAMILY_ID; 71typedef UINT32 TPM_FAMILY_VERIFICATION; 72typedef UINT32 TPM_STARTUP_EFFECTS; 73typedef UINT32 TPM_SYM_MODE; 74typedef UINT32 TPM_FAMILY_FLAGS; 75typedef UINT32 TPM_DELEGATE_INDEX; 76typedef UINT32 TPM_CMK_DELEGATE; 77typedef UINT32 TPM_COUNT_ID; 78typedef UINT32 TPM_REDIT_COMMAND; 79typedef UINT32 TPM_TRANSHANDLE; 80typedef UINT32 TPM_HANDLE; 81typedef UINT32 TPM_FAMILY_OPERATION; 82 83// 84// Part 2, section 2.2.4: Vendor specific 85// The following defines allow for the quick specification of a 86// vendor specific item. 87// 88#define TPM_Vendor_Specific32 ((UINT32) 0x00000400) 89#define TPM_Vendor_Specific8 ((UINT8) 0x80) 90 91// 92// Part 2, section 3.1: Structure TAGs 93// 94#define TPM_TAG_CONTEXTBLOB ((TPM_STRUCTURE_TAG) 0x0001) 95#define TPM_TAG_CONTEXT_SENSITIVE ((TPM_STRUCTURE_TAG) 0x0002) 96#define TPM_TAG_CONTEXTPOINTER ((TPM_STRUCTURE_TAG) 0x0003) 97#define TPM_TAG_CONTEXTLIST ((TPM_STRUCTURE_TAG) 0x0004) 98#define TPM_TAG_SIGNINFO ((TPM_STRUCTURE_TAG) 0x0005) 99#define TPM_TAG_PCR_INFO_LONG ((TPM_STRUCTURE_TAG) 0x0006) 100#define TPM_TAG_PERSISTENT_FLAGS ((TPM_STRUCTURE_TAG) 0x0007) 101#define TPM_TAG_VOLATILE_FLAGS ((TPM_STRUCTURE_TAG) 0x0008) 102#define TPM_TAG_PERSISTENT_DATA ((TPM_STRUCTURE_TAG) 0x0009) 103#define TPM_TAG_VOLATILE_DATA ((TPM_STRUCTURE_TAG) 0x000A) 104#define TPM_TAG_SV_DATA ((TPM_STRUCTURE_TAG) 0x000B) 105#define TPM_TAG_EK_BLOB ((TPM_STRUCTURE_TAG) 0x000C) 106#define TPM_TAG_EK_BLOB_AUTH ((TPM_STRUCTURE_TAG) 0x000D) 107#define TPM_TAG_COUNTER_VALUE ((TPM_STRUCTURE_TAG) 0x000E) 108#define TPM_TAG_TRANSPORT_INTERNAL ((TPM_STRUCTURE_TAG) 0x000F) 109#define TPM_TAG_TRANSPORT_LOG_IN ((TPM_STRUCTURE_TAG) 0x0010) 110#define TPM_TAG_TRANSPORT_LOG_OUT ((TPM_STRUCTURE_TAG) 0x0011) 111#define TPM_TAG_AUDIT_EVENT_IN ((TPM_STRUCTURE_TAG) 0x0012) 112#define TPM_TAG_AUDIT_EVENT_OUT ((TPM_STRUCTURE_TAG) 0x0013) 113#define TPM_TAG_CURRENT_TICKS ((TPM_STRUCTURE_TAG) 0x0014) 114#define TPM_TAG_KEY ((TPM_STRUCTURE_TAG) 0x0015) 115#define TPM_TAG_STORED_DATA12 ((TPM_STRUCTURE_TAG) 0x0016) 116#define TPM_TAG_NV_ATTRIBUTES ((TPM_STRUCTURE_TAG) 0x0017) 117#define TPM_TAG_NV_DATA_PUBLIC ((TPM_STRUCTURE_TAG) 0x0018) 118#define TPM_TAG_NV_DATA_SENSITIVE ((TPM_STRUCTURE_TAG) 0x0019) 119#define TPM_TAG_DELEGATIONS ((TPM_STRUCTURE_TAG) 0x001A) 120#define TPM_TAG_DELEGATE_PUBLIC ((TPM_STRUCTURE_TAG) 0x001B) 121#define TPM_TAG_DELEGATE_TABLE_ROW ((TPM_STRUCTURE_TAG) 0x001C) 122#define TPM_TAG_TRANSPORT_AUTH ((TPM_STRUCTURE_TAG) 0x001D) 123#define TPM_TAG_TRANSPORT_PUBLIC ((TPM_STRUCTURE_TAG) 0x001E) 124#define TPM_TAG_PERMANENT_FLAGS ((TPM_STRUCTURE_TAG) 0x001F) 125#define TPM_TAG_STCLEAR_FLAGS ((TPM_STRUCTURE_TAG) 0x0020) 126#define TPM_TAG_STANY_FLAGS ((TPM_STRUCTURE_TAG) 0x0021) 127#define TPM_TAG_PERMANENT_DATA ((TPM_STRUCTURE_TAG) 0x0022) 128#define TPM_TAG_STCLEAR_DATA ((TPM_STRUCTURE_TAG) 0x0023) 129#define TPM_TAG_STANY_DATA ((TPM_STRUCTURE_TAG) 0x0024) 130#define TPM_TAG_FAMILY_TABLE_ENTRY ((TPM_STRUCTURE_TAG) 0x0025) 131#define TPM_TAG_DELEGATE_SENSITIVE ((TPM_STRUCTURE_TAG) 0x0026) 132#define TPM_TAG_DELG_KEY_BLOB ((TPM_STRUCTURE_TAG) 0x0027) 133#define TPM_TAG_KEY12 ((TPM_STRUCTURE_TAG) 0x0028) 134#define TPM_TAG_CERTIFY_INFO2 ((TPM_STRUCTURE_TAG) 0x0029) 135#define TPM_TAG_DELEGATE_OWNER_BLOB ((TPM_STRUCTURE_TAG) 0x002A) 136#define TPM_TAG_EK_BLOB_ACTIVATE ((TPM_STRUCTURE_TAG) 0x002B) 137#define TPM_TAG_DAA_BLOB ((TPM_STRUCTURE_TAG) 0x002C) 138#define TPM_TAG_DAA_CONTEXT ((TPM_STRUCTURE_TAG) 0x002D) 139#define TPM_TAG_DAA_ENFORCE ((TPM_STRUCTURE_TAG) 0x002E) 140#define TPM_TAG_DAA_ISSUER ((TPM_STRUCTURE_TAG) 0x002F) 141#define TPM_TAG_CAP_VERSION_INFO ((TPM_STRUCTURE_TAG) 0x0030) 142#define TPM_TAG_DAA_SENSITIVE ((TPM_STRUCTURE_TAG) 0x0031) 143#define TPM_TAG_DAA_TPM ((TPM_STRUCTURE_TAG) 0x0032) 144#define TPM_TAG_CMK_MIGAUTH ((TPM_STRUCTURE_TAG) 0x0033) 145#define TPM_TAG_CMK_SIGTICKET ((TPM_STRUCTURE_TAG) 0x0034) 146#define TPM_TAG_CMK_MA_APPROVAL ((TPM_STRUCTURE_TAG) 0x0035) 147#define TPM_TAG_QUOTE_INFO2 ((TPM_STRUCTURE_TAG) 0x0036) 148#define TPM_TAG_DA_INFO ((TPM_STRUCTURE_TAG) 0x0037) 149#define TPM_TAG_DA_LIMITED ((TPM_STRUCTURE_TAG) 0x0038) 150#define TPM_TAG_DA_ACTION_TYPE ((TPM_STRUCTURE_TAG) 0x0039) 151 152// 153// Part 2, section 4: TPM Types 154// 155 156// 157// Part 2, section 4.1: TPM_RESOURCE_TYPE 158// 159#define TPM_RT_KEY ((TPM_RESOURCE_TYPE) 0x00000001) // The handle is a key handle and is the result of a LoadKey type operation 160#define TPM_RT_AUTH ((TPM_RESOURCE_TYPE) 0x00000002) // The handle is an authorization handle. Auth handles come from TPM_OIAP, TPM_OSAP and TPM_DSAP 161#define TPM_RT_HASH ((TPM_RESOURCE_TYPE) 0x00000003) // Reserved for hashes 162#define TPM_RT_TRANS ((TPM_RESOURCE_TYPE) 0x00000004) // The handle is for a transport session. Transport handles come from TPM_EstablishTransport 163#define TPM_RT_CONTEXT ((TPM_RESOURCE_TYPE) 0x00000005) // Resource wrapped and held outside the TPM using the context save/restore commands 164#define TPM_RT_COUNTER ((TPM_RESOURCE_TYPE) 0x00000006) // Reserved for counters 165#define TPM_RT_DELEGATE ((TPM_RESOURCE_TYPE) 0x00000007) // The handle is for a delegate row. These are the internal rows held in NV storage by the TPM 166#define TPM_RT_DAA_TPM ((TPM_RESOURCE_TYPE) 0x00000008) // The value is a DAA TPM specific blob 167#define TPM_RT_DAA_V0 ((TPM_RESOURCE_TYPE) 0x00000009) // The value is a DAA V0 parameter 168#define TPM_RT_DAA_V1 ((TPM_RESOURCE_TYPE) 0x0000000A) // The value is a DAA V1 parameter 169 170// 171// Part 2, section 4.2: TPM_PAYLOAD_TYPE 172// 173#define TPM_PT_ASYM ((TPM_PAYLOAD_TYPE) 0x01) // The entity is an asymmetric key 174#define TPM_PT_BIND ((TPM_PAYLOAD_TYPE) 0x02) // The entity is bound data 175#define TPM_PT_MIGRATE ((TPM_PAYLOAD_TYPE) 0x03) // The entity is a migration blob 176#define TPM_PT_MAINT ((TPM_PAYLOAD_TYPE) 0x04) // The entity is a maintenance blob 177#define TPM_PT_SEAL ((TPM_PAYLOAD_TYPE) 0x05) // The entity is sealed data 178#define TPM_PT_MIGRATE_RESTRICTED ((TPM_PAYLOAD_TYPE) 0x06) // The entity is a restricted-migration asymmetric key 179#define TPM_PT_MIGRATE_EXTERNAL ((TPM_PAYLOAD_TYPE) 0x07) // The entity is a external migratable key 180#define TPM_PT_CMK_MIGRATE ((TPM_PAYLOAD_TYPE) 0x08) // The entity is a CMK migratable blob 181#define TPM_PT_VENDOR_SPECIFIC ((TPM_PAYLOAD_TYPE) 0x80) // 0x80 - 0xFF Vendor specific payloads 182 183// 184// Part 2, section 4.3: TPM_ENTIRY_TYPE 185// 186#define TPM_ET_KEYHANDLE ((UINT16) 0x0001) // The entity is a keyHandle or key 187#define TPM_ET_OWNER ((UINT16) 0x0002) // The entity is the TPM Owner 188#define TPM_ET_DATA ((UINT16) 0x0003) // The entity is some data 189#define TPM_ET_SRK ((UINT16) 0x0004) // The entity is the SRK 190#define TPM_ET_KEY ((UINT16) 0x0005) // The entity is a key or keyHandle 191#define TPM_ET_REVOKE ((UINT16) 0x0006) // The entity is the RevokeTrust value 192#define TPM_ET_DEL_OWNER_BLOB ((UINT16) 0x0007) // The entity is a delegate owner blob 193#define TPM_ET_DEL_ROW ((UINT16) 0x0008) // The entity is a delegate row 194#define TPM_ET_DEL_KEY_BLOB ((UINT16) 0x0009) // The entity is a delegate key blob 195#define TPM_ET_COUNTER ((UINT16) 0x000A) // The entity is a counter 196#define TPM_ET_NV ((UINT16) 0x000B) // The entity is a NV index 197#define TPM_ET_OPERATOR ((UINT16) 0x000C) // The entity is the operator 198#define TPM_ET_RESERVED_HANDLE ((UINT16) 0x0040) // Reserved. This value avoids collisions with the handle MSB setting. 199// 200// TPM_ENTITY_TYPE MSB Values: The MSB is used to indicate the ADIP encryption sheme when applicable 201// 202#define TPM_ET_XOR ((UINT16) 0x0000) // ADIP encryption scheme: XOR 203#define TPM_ET_AES128 ((UINT16) 0x0006) // ADIP encryption scheme: AES 128 bits 204 205// 206// Part 2, section 4.4.1: Reserved Key Handles 207// 208#define TPM_KH_SRK ((TPM_KEY_HANDLE) 0x40000000) // The handle points to the SRK 209#define TPM_KH_OWNER ((TPM_KEY_HANDLE) 0x40000001) // The handle points to the TPM Owner 210#define TPM_KH_REVOKE ((TPM_KEY_HANDLE) 0x40000002) // The handle points to the RevokeTrust value 211#define TPM_KH_TRANSPORT ((TPM_KEY_HANDLE) 0x40000003) // The handle points to the EstablishTransport static authorization 212#define TPM_KH_OPERATOR ((TPM_KEY_HANDLE) 0x40000004) // The handle points to the Operator auth 213#define TPM_KH_ADMIN ((TPM_KEY_HANDLE) 0x40000005) // The handle points to the delegation administration auth 214#define TPM_KH_EK ((TPM_KEY_HANDLE) 0x40000006) // The handle points to the PUBEK, only usable with TPM_OwnerReadInternalPub 215 216// 217// Part 2, section 4.5: TPM_STARTUP_TYPE 218// 219#define TPM_ST_CLEAR ((TPM_STARTUP_TYPE) 0x0001) // The TPM is starting up from a clean state 220#define TPM_ST_STATE ((TPM_STARTUP_TYPE) 0x0002) // The TPM is starting up from a saved state 221#define TPM_ST_DEACTIVATED ((TPM_STARTUP_TYPE) 0x0003) // The TPM is to startup and set the deactivated flag to TRUE 222 223// 224// Part 2, section 4.6: TPM_STATUP_EFFECTS 225// The table makeup is still an open issue. 226// 227 228// 229// Part 2, section 4.7: TPM_PROTOCOL_ID 230// 231#define TPM_PID_OIAP ((TPM_PROTOCOL_ID) 0x0001) // The OIAP protocol. 232#define TPM_PID_OSAP ((TPM_PROTOCOL_ID) 0x0002) // The OSAP protocol. 233#define TPM_PID_ADIP ((TPM_PROTOCOL_ID) 0x0003) // The ADIP protocol. 234#define TPM_PID_ADCP ((TPM_PROTOCOL_ID) 0x0004) // The ADCP protocol. 235#define TPM_PID_OWNER ((TPM_PROTOCOL_ID) 0x0005) // The protocol for taking ownership of a TPM. 236#define TPM_PID_DSAP ((TPM_PROTOCOL_ID) 0x0006) // The DSAP protocol 237#define TPM_PID_TRANSPORT ((TPM_PROTOCOL_ID) 0x0007) // The transport protocol 238 239// 240// Part 2, section 4.8: TPM_ALGORITHM_ID 241// The TPM MUST support the algorithms TPM_ALG_RSA, TPM_ALG_SHA, TPM_ALG_HMAC, 242// TPM_ALG_MGF1 243// 244#define TPM_ALG_RSA ((TPM_ALGORITHM_ID) 0x00000001) // The RSA algorithm. 245#define TPM_ALG_DES ((TPM_ALGORITHM_ID) 0x00000002) // The DES algorithm 246#define TPM_ALG_3DES ((TPM_ALGORITHM_ID) 0x00000003) // The 3DES algorithm in EDE mode 247#define TPM_ALG_SHA ((TPM_ALGORITHM_ID) 0x00000004) // The SHA1 algorithm 248#define TPM_ALG_HMAC ((TPM_ALGORITHM_ID) 0x00000005) // The RFC 2104 HMAC algorithm 249#define TPM_ALG_AES128 ((TPM_ALGORITHM_ID) 0x00000006) // The AES algorithm, key size 128 250#define TPM_ALG_MGF1 ((TPM_ALGORITHM_ID) 0x00000007) // The XOR algorithm using MGF1 to create a string the size of the encrypted block 251#define TPM_ALG_AES192 ((TPM_ALGORITHM_ID) 0x00000008) // AES, key size 192 252#define TPM_ALG_AES256 ((TPM_ALGORITHM_ID) 0x00000009) // AES, key size 256 253#define TPM_ALG_XOR ((TPM_ALGORITHM_ID) 0x0000000A) // XOR using the rolling nonces 254 255// 256// Part 2, section 4.9: TPM_PHYSICAL_PRESENCE 257// 258#define TPM_PHYSICAL_PRESENCE_HW_DISABLE ((TPM_PHYSICAL_PRESENCE) 0x0200) // Sets the physicalPresenceHWEnable to FALSE 259#define TPM_PHYSICAL_PRESENCE_CMD_DISABLE ((TPM_PHYSICAL_PRESENCE) 0x0100) // Sets the physicalPresenceCMDEnable to FALSE 260#define TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK ((TPM_PHYSICAL_PRESENCE) 0x0080) // Sets the physicalPresenceLifetimeLock to TRUE 261#define TPM_PHYSICAL_PRESENCE_HW_ENABLE ((TPM_PHYSICAL_PRESENCE) 0x0040) // Sets the physicalPresenceHWEnable to TRUE 262#define TPM_PHYSICAL_PRESENCE_CMD_ENABLE ((TPM_PHYSICAL_PRESENCE) 0x0020) // Sets the physicalPresenceCMDEnable to TRUE 263#define TPM_PHYSICAL_PRESENCE_NOTPRESENT ((TPM_PHYSICAL_PRESENCE) 0x0010) // Sets PhysicalPresence = FALSE 264#define TPM_PHYSICAL_PRESENCE_PRESENT ((TPM_PHYSICAL_PRESENCE) 0x0008) // Sets PhysicalPresence = TRUE 265#define TPM_PHYSICAL_PRESENCE_LOCK ((TPM_PHYSICAL_PRESENCE) 0x0004) // Sets PhysicalPresenceLock = TRUE 266 267// 268// Part 2, section 4.10: TPM_MIGRATE_SCHEME 269// 270#define TPM_MS_MIGRATE ((TPM_MIGRATE_SCHEME) 0x0001) // A public key that can be used with all TPM migration commands other than 'ReWrap' mode. 271#define TPM_MS_REWRAP ((TPM_MIGRATE_SCHEME) 0x0002) // A public key that can be used for the ReWrap mode of TPM_CreateMigrationBlob. 272#define TPM_MS_MAINT ((TPM_MIGRATE_SCHEME) 0x0003) // A public key that can be used for the Maintenance commands 273#define TPM_MS_RESTRICT_MIGRATE ((TPM_MIGRATE_SCHEME) 0x0004) // The key is to be migrated to a Migration Authority. 274#define TPM_MS_RESTRICT_APPROVE_DOUBLE ((TPM_MIGRATE_SCHEME) 0x0005) // The key is to be migrated to an entity approved by a Migration Authority using double wrapping 275 276// 277// Part 2, section 4.11: TPM_EK_TYPE 278// 279#define TPM_EK_TYPE_ACTIVATE ((TPM_EK_TYPE) 0x0001) // The blob MUST be TPM_EK_BLOB_ACTIVATE 280#define TPM_EK_TYPE_AUTH ((TPM_EK_TYPE) 0x0002) // The blob MUST be TPM_EK_BLOB_AUTH 281 282// 283// Part 2, section 4.12: TPM_PLATFORM_SPECIFIC 284// 285#define TPM_PS_PC_11 ((TPM_PLATFORM_SPECIFIC) 0x0001) // PC Specific version 1.1 286#define TPM_PS_PC_12 ((TPM_PLATFORM_SPECIFIC) 0x0002) // PC Specific version 1.2 287#define TPM_PS_PDA_12 ((TPM_PLATFORM_SPECIFIC) 0x0003) // PDA Specific version 1.2 288#define TPM_PS_Server_12 ((TPM_PLATFORM_SPECIFIC) 0x0004) // Server Specific version 1.2 289#define TPM_PS_Mobile_12 ((TPM_PLATFORM_SPECIFIC) 0x0005) // Mobil Specific version 1.2 290 291// 292// Part 2, section 5: Basic Structures 293// 294 295// 296// Part 2, section 5.1: TPM_STRUCT_VER 297// 298typedef struct tdTPM_STRUCT_VER { 299 UINT8 major; 300 UINT8 minor; 301 UINT8 revMajor; 302 UINT8 revMinor; 303} TPM_STRUCT_VER; 304 305// 306// Part 2, section 5.3: TPM_VERSION 307// 308typedef struct tdTPM_VERSION { 309 TPM_VERSION_BYTE major; 310 TPM_VERSION_BYTE minor; 311 UINT8 revMajor; 312 UINT8 revMinor; 313} TPM_VERSION; 314 315// 316// Part 2, section 5.4: TPM_DIGEST 317// 318#define TPM_SHA1_160_HASH_LEN 0x14 319#define TPM_SHA1BASED_NONCE_LEN TPM_SHA1_160_HASH_LEN 320 321typedef struct tdTPM_DIGEST{ 322 UINT8 digest[TPM_SHA1_160_HASH_LEN]; 323} TPM_DIGEST; 324 325typedef TPM_DIGEST TPM_CHOSENID_HASH; // This SHALL be the digest of the chosen identityLabel and privacyCA for a new TPM identity. 326typedef TPM_DIGEST TPM_COMPOSITE_HASH; // This SHALL be the hash of a list of PCR indexes and PCR values that a key or data is bound to. 327typedef TPM_DIGEST TPM_DIRVALUE; // This SHALL be the value of a DIR register 328typedef TPM_DIGEST TPM_HMAC; 329typedef TPM_DIGEST TPM_PCRVALUE; // The value inside of the PCR 330typedef TPM_DIGEST TPM_AUDITDIGEST; // This SHALL be the value of the current internal audit state 331 332// 333// Part 2, section 5.5: TPM_NONCE 334// 335typedef struct tdTPM_NONCE{ 336 UINT8 nonce[20]; 337} TPM_NONCE; 338 339typedef TPM_NONCE TPM_DAA_TPM_SEED; // This SHALL be a random value generated by a TPM immediately after the EK is installed in that TPM, whenever an EK is installed in that TPM 340typedef TPM_NONCE TPM_DAA_CONTEXT_SEED; // This SHALL be a random value 341 342// 343// Part 2, section 5.6: TPM_AUTHDATA 344// 345typedef UINT8 tdTPM_AUTHDATA[20]; 346typedef tdTPM_AUTHDATA TPM_AUTHDATA; 347typedef TPM_AUTHDATA TPM_SECRET; 348typedef TPM_AUTHDATA TPM_ENCAUTH; 349 350// 351// Part 2, section 5.7: TPM_KEY_HANDLE_LIST 352// Size of handle is loaded * sizeof(TPM_KEY_HANDLE) 353// 354typedef struct tdTPM_KEY_HANDLE_LIST { 355 UINT16 loaded; 356 TPM_KEY_HANDLE handle[1]; 357} TPM_KEY_HANDLE_LIST; 358 359// 360// Part 2, section 5.8: TPM_KEY_USAGE values 361// 362 363#define TPM_KEY_SIGNING ((UINT16) 0x0010) 364// TPM_KEY_SIGNING SHALL indicate a signing key. The [private] key SHALL be 365// used for signing operations, only. This means that it MUST be a leaf of the 366// Protected Storage key hierarchy. 367 368#define TPM_KEY_STORAGE ((UINT16) 0x0011) 369// TPM_KEY_STORAGE SHALL indicate a storage key. The key SHALL be used to wrap 370// and unwrap other keys in the Protected Storage hierarchy 371 372#define TPM_KEY_IDENTITY ((UINT16) 0x0012) 373// TPM_KEY_IDENTITY SHALL indicate an identity key. The key SHALL be used for 374// operations that require a TPM identity, only. 375 376#define TPM_KEY_AUTHCHANGE ((UINT16) 0x0013) 377// TPM_KEY_AUTHCHANGE SHALL indicate an ephemeral key that is in use during 378// the ChangeAuthAsym process, only. 379 380#define TPM_KEY_BIND ((UINT16) 0x0014) 381// TPM_KEY_BIND SHALL indicate a key that can be used for TPM_Bind and 382// TPM_Unbind operations only. 383 384#define TPM_KEY_LEGACY ((UINT16) 0x0015) 385// TPM_KEY_LEGACY SHALL indicate a key that can perform signing and binding 386// operations. The key MAY be used for both signing and binding operations. 387// The TPM_KEY_LEGACY key type is to allow for use by applications where both 388// signing and encryption operations occur with the same key. The use of this 389// key type is not recommended TPM_KEY_MIGRATE 0x0016 This SHALL indicate a 390// key in use for TPM_MigrateKey 391 392#define TPM_KEY_MIGRATE ((UINT16) 0x0016) 393// TPM_KEY_MIGRAGE SHALL indicate a key in use for TPM_MigrateKey 394 395// 396// Part 2, section 5.8.1: Encryption/Signature schemes 397// 398 399#define TPM_ES_NONE ((TPM_ENC_SCHEME) 0x0001) 400#define TPM_ES_RSAESPKCSv15 ((TPM_ENC_SCHEME) 0x0002) 401#define TPM_ES_RSAESOAEP_SHA1_MGF1 ((TPM_ENC_SCHEME) 0x0003) 402#define TPM_ES_SYM_CNT ((TPM_ENC_SCHEME) 0x0004) // rev94 defined 403#define TPM_ES_SYM_CTR ((TPM_ENC_SCHEME) 0x0004) 404#define TPM_ES_SYM_OFB ((TPM_ENC_SCHEME) 0x0005) 405 406#define TPM_SS_NONE ((TPM_SIG_SCHEME) 0x0001) 407#define TPM_SS_RSASSAPKCS1v15_SHA1 ((TPM_SIG_SCHEME) 0x0002) 408#define TPM_SS_RSASSAPKCS1v15_DER ((TPM_SIG_SCHEME) 0x0003) 409#define TPM_SS_RSASSAPKCS1v15_INFO ((TPM_SIG_SCHEME) 0x0004) 410 411// 412// Part 2, section 5.9: TPM_AUTH_DATA_USAGE values 413// 414#define TPM_AUTH_NEVER ((TPM_AUTH_DATA_USAGE) 0x00) 415#define TPM_AUTH_ALWAYS ((TPM_AUTH_DATA_USAGE) 0x01) 416#define TPM_AUTH_PRIV_USE_ONLY ((TPM_AUTH_DATA_USAGE) 0x03) 417 418// 419// Part 2, section 5.10: TPM_KEY_FLAGS 420// 421enum tdTPM_KEY_FLAGS { 422 redirection = 0x00000001, 423 migratable = 0x00000002, 424 isVolatile = 0x00000004, 425 pcrIgnoredOnRead = 0x00000008, 426 migrateAuthority = 0x00000010 427}; 428 429// 430// Part 2, section 5.11: TPM_CHANGEAUTH_VALIDATE 431// 432typedef struct tdTPM_CHANGEAUTH_VALIDATE { 433 TPM_SECRET newAuthSecret; 434 TPM_NONCE n1; 435} TPM_CHANGEAUTH_VALIDATE; 436 437// 438// Part 2, section 5.12: TPM_MIGRATIONKEYAUTH 439// decalared after section 10 to catch declaration of TPM_PUBKEY 440// 441// Part 2 section 10.1: TPM_KEY_PARMS 442// [size_is(parmSize)] BYTE* parms; 443// 444typedef struct tdTPM_KEY_PARMS { 445 TPM_ALGORITHM_ID algorithmID; 446 TPM_ENC_SCHEME encScheme; 447 TPM_SIG_SCHEME sigScheme; 448 UINT32 parmSize; 449 UINT8 *parms; 450} TPM_KEY_PARMS; 451 452// 453// Part 2, section 10.4: TPM_STORE_PUBKEY 454// 455typedef struct tdTPM_STORE_PUBKEY { 456 UINT32 keyLength; 457 UINT8 key[1]; 458} TPM_STORE_PUBKEY; 459 460// 461// Part 2, section 10.5: TPM_PUBKEY 462// 463typedef struct tdTPM_PUBKEY{ 464 TPM_KEY_PARMS algorithmParms; 465 TPM_STORE_PUBKEY pubKey; 466} TPM_PUBKEY; 467 468// 469// Part 2, section 5.12: TPM_MIGRATIONKEYAUTH 470// 471typedef struct tdTPM_MIGRATIONKEYAUTH{ 472 TPM_PUBKEY migrationKey; 473 TPM_MIGRATE_SCHEME migrationScheme; 474 TPM_DIGEST digest; 475} TPM_MIGRATIONKEYAUTH; 476 477// 478// Part 2, section 5.13: TPM_COUNTER_VALUE 479// 480typedef struct tdTPM_COUNTER_VALUE{ 481 TPM_STRUCTURE_TAG tag; 482 UINT8 label[4]; 483 TPM_ACTUAL_COUNT counter; 484} TPM_COUNTER_VALUE; 485 486// 487// Part 2, section 5.14: TPM_SIGN_INFO 488// Size of data indicated by dataLen 489// 490typedef struct tdTPM_SIGN_INFO { 491 TPM_STRUCTURE_TAG tag; 492 UINT8 fixed[4]; 493 TPM_NONCE replay; 494 UINT32 dataLen; 495 UINT8 *data; 496} TPM_SIGN_INFO; 497 498// 499// Part 2, section 5.15: TPM_MSA_COMPOSITE 500// Number of migAuthDigest indicated by MSAlist 501// 502typedef struct tdTPM_MSA_COMPOSITE { 503 UINT32 MSAlist; 504 TPM_DIGEST migAuthDigest[1]; 505} TPM_MSA_COMPOSITE; 506 507// 508// Part 2, section 5.16: TPM_CMK_AUTH 509// 510typedef struct tdTPM_CMK_AUTH{ 511 TPM_DIGEST migrationAuthorityDigest; 512 TPM_DIGEST destinationKeyDigest; 513 TPM_DIGEST sourceKeyDigest; 514} TPM_CMK_AUTH; 515 516// 517// Part 2, section 5.17: TPM_CMK_DELEGATE 518// 519#define TPM_CMK_DELEGATE_SIGNING (((TPM_CMK_DELEGATE)1) << 31) 520#define TPM_CMK_DELEGATE_STORAGE (((TPM_CMK_DELEGATE)1) << 30) 521#define TPM_CMK_DELEGATE_BIND (((TPM_CMK_DELEGATE)1) << 29) 522#define TPM_CMK_DELEGATE_LEGACY (((TPM_CMK_DELEGATE)1) << 28) 523#define TPM_CMK_DELEGATE_MIGRATE (((TPM_CMK_DELEGATE)1) << 27) 524 525// 526// Part 2, section 5.18: TPM_SELECT_SIZE 527// 528typedef struct tdTPM_SELECT_SIZE { 529 UINT8 major; 530 UINT8 minor; 531 UINT16 reqSize; 532} TPM_SELECT_SIZE; 533 534// 535// Part 2, section 5,19: TPM_CMK_MIGAUTH 536// 537typedef struct tdTPM_CMK_MIGAUTH{ 538 TPM_STRUCTURE_TAG tag; 539 TPM_DIGEST msaDigest; 540 TPM_DIGEST pubKeyDigest; 541} TPM_CMK_MIGAUTH; 542 543// 544// Part 2, section 5.20: TPM_CMK_SIGTICKET 545// 546typedef struct tdTPM_CMK_SIGTICKET{ 547 TPM_STRUCTURE_TAG tag; 548 TPM_DIGEST verKeyDigest; 549 TPM_DIGEST signedData; 550} TPM_CMK_SIGTICKET; 551 552// 553// Part 2, section 5.21: TPM_CMK_MA_APPROVAL 554// 555typedef struct tdTPM_CMK_MA_APPROVAL{ 556 TPM_STRUCTURE_TAG tag; 557 TPM_DIGEST migrationAuthorityDigest; 558} TPM_CMK_MA_APPROVAL; 559 560// 561// Part 2, section 6: Command Tags 562// 563#define TPM_TAG_RQU_COMMAND ((TPM_STRUCTURE_TAG) 0x00C1) 564#define TPM_TAG_RQU_AUTH1_COMMAND ((TPM_STRUCTURE_TAG) 0x00C2) 565#define TPM_TAG_RQU_AUTH2_COMMAND ((TPM_STRUCTURE_TAG) 0x00C3) 566#define TPM_TAG_RSP_COMMAND ((TPM_STRUCTURE_TAG) 0x00C4) 567#define TPM_TAG_RSP_AUTH1_COMMAND ((TPM_STRUCTURE_TAG) 0x00C5) 568#define TPM_TAG_RSP_AUTH2_COMMAND ((TPM_STRUCTURE_TAG) 0x00C6) 569 570// 571// Part 2, section 7.1: TPM_PERMANENT_FLAGS 572// 573typedef struct tdTPM_PERMANENT_FLAGS{ 574 TPM_STRUCTURE_TAG tag; 575 BOOLEAN disable; 576 BOOLEAN ownership; 577 BOOLEAN deactivated; 578 BOOLEAN readPubek; 579 BOOLEAN disableOwnerClear; 580 BOOLEAN allowMaintenance; 581 BOOLEAN physicalPresenceLifetimeLock; 582 BOOLEAN physicalPresenceHWEnable; 583 BOOLEAN physicalPresenceCMDEnable; 584 BOOLEAN CEKPUsed; 585 BOOLEAN TPMpost; 586 BOOLEAN TPMpostLock; 587 BOOLEAN FIPS; 588 BOOLEAN operator; 589 BOOLEAN enableRevokeEK; 590 BOOLEAN nvLocked; 591 BOOLEAN readSRKPub; 592 BOOLEAN tpmEstablished; 593 BOOLEAN maintenanceDone; 594 BOOLEAN disableFullDALogicInfo; 595} TPM_PERMANENT_FLAGS; 596 597// 598// Part 2, section 7.1.1: PERMANENT_FLAGS Subcap for SetCapability 599// 600#define TPM_PF_DISABLE ((TPM_CAPABILITY_AREA) 1) 601#define TPM_PF_OWNERSHIP ((TPM_CAPABILITY_AREA) 2) 602#define TPM_PF_DEACTIVATED ((TPM_CAPABILITY_AREA) 3) 603#define TPM_PF_READPUBEK ((TPM_CAPABILITY_AREA) 4) 604#define TPM_PF_DISABLEOWNERCLEAR ((TPM_CAPABILITY_AREA) 5) 605#define TPM_PF_ALLOWMAINTENANCE ((TPM_CAPABILITY_AREA) 6) 606#define TPM_PF_PHYSICALPRESENCELIFETIMELOCK ((TPM_CAPABILITY_AREA) 7) 607#define TPM_PF_PHYSICALPRESENCEHWENABLE ((TPM_CAPABILITY_AREA) 8) 608#define TPM_PF_PHYSICALPRESENCECMDENABLE ((TPM_CAPABILITY_AREA) 9) 609#define TPM_PF_CEKPUSED ((TPM_CAPABILITY_AREA) 10) 610#define TPM_PF_TPMPOST ((TPM_CAPABILITY_AREA) 11) 611#define TPM_PF_TPMPOSTLOCK ((TPM_CAPABILITY_AREA) 12) 612#define TPM_PF_FIPS ((TPM_CAPABILITY_AREA) 13) 613#define TPM_PF_OPERATOR ((TPM_CAPABILITY_AREA) 14) 614#define TPM_PF_ENABLEREVOKEEK ((TPM_CAPABILITY_AREA) 15) 615#define TPM_PF_NV_LOCKED ((TPM_CAPABILITY_AREA) 16) 616#define TPM_PF_READSRKPUB ((TPM_CAPABILITY_AREA) 17) 617#define TPM_PF_TPMESTABLISHED ((TPM_CAPABILITY_AREA) 18) 618#define TPM_PF_MAINTENANCEDONE ((TPM_CAPABILITY_AREA) 19) 619#define TPM_PF_DISABLEFULLDALOGICINFO ((TPM_CAPABILITY_AREA) 20) 620 621// 622// Part 2, section 7.2: TPM_STCLEAR_FLAGS 623// 624typedef struct tdTPM_STCLEAR_FLAGS{ 625 TPM_STRUCTURE_TAG tag; 626 BOOLEAN deactivated; 627 BOOLEAN disableForceClear; 628 BOOLEAN physicalPresence; 629 BOOLEAN physicalPresenceLock; 630 BOOLEAN bGlobalLock; 631} TPM_STCLEAR_FLAGS; 632 633// 634// Part 2, section 7.2.1: STCLEAR_FLAGS Subcap for SetCapability 635// 636#define TPM_SF_DEACTIVATED ((TPM_CAPABILITY_AREA) 1) 637#define TPM_SF_DISABLEFORCECLEAR ((TPM_CAPABILITY_AREA) 2) 638#define TPM_SF_PHYSICALPRESENCE ((TPM_CAPABILITY_AREA) 3) 639#define TPM_SF_PHYSICALPRESENCELOCK ((TPM_CAPABILITY_AREA) 4) 640#define TPM_SF_BGLOBALLOCK ((TPM_CAPABILITY_AREA) 5) 641 642// 643// Part 2, section 7.3: TPM_STANY_FLAGS 644// 645typedef struct tdTPM_STANY_FLAGS{ 646 TPM_STRUCTURE_TAG tag; 647 BOOLEAN postInitialise; 648 TPM_MODIFIER_INDICATOR localityModifier; 649 BOOLEAN transportExclusive; 650 BOOLEAN TOSPresent; 651} TPM_STANY_FLAGS; 652 653// 654// Part 2, section 7.3.1: STANY_FLAGS Subcap for SetCapability 655// 656#define TPM_AF_POSTINITIALISE ((TPM_CAPABILITY_AREA) 1) 657#define TPM_AF_LOCALITYMODIFIER ((TPM_CAPABILITY_AREA) 2) 658#define TPM_AF_TRANSPORTEXCLUSIVE ((TPM_CAPABILITY_AREA) 3) 659#define TPM_AF_TOSPRESENT ((TPM_CAPABILITY_AREA) 4) 660 661// 662// All those structures (section 7.4, 7.5, 7.6) are not normative and 663// thus no definitions here 664// 665// Part 2, section 7.4: TPM_PERMANENT_DATA 666// 667#define TPM_MIN_COUNTERS 4 // the minimum number of counters is 4 668#define TPM_DELEGATE_KEY TPM_KEY 669#define TPM_NUM_PCR 16 670#define TPM_MAX_NV_WRITE_NOOWNER 64 671 672//typedef struct tdTPM_PERMANENT_DATA 673//{ 674// TPM_STRUCTURE_TAG tag; 675// UINT8 revMajor; 676// UINT8 revMinor; 677// TPM_NONCE tpmProof; 678// TPM_NONCE ekReset; 679// TPM_SECRET ownerAuth; 680// TPM_SECRET operatorAuth; 681// TPM_DIRVALUE authDIR[1]; 682// TPM_PUBKEY manuMaintPub; 683// TPM_KEY endorsementKey; 684// TPM_KEY srk; 685// TPM_KEY contextKey; 686// TPM_KEY delegateKey; 687// TPM_COUNTER_VALUE auditMonotonicCounter; 688// TPM_COUNTER_VALUE monitonicCounter[TPM_MIN_COUNTERS]; 689// TPM_PCR_ATTRIBUTES pcrAttrib[TPM_NUM_PCR]; 690// UINT8 ordinalAuditStatus[]; 691// UINT8 *rngState; 692// TPM_FAMILY_TABLE familyTable; 693// TPM_DELEGATE_TABLE delegateTable; 694// UINT32 maxNVBufSize; 695// UINT32 lastFamilyID; 696// UINT32 noOwnerNVWrite; 697// TPM_CMK_DELEGATE restrictDelegate; 698// TPM_DAA_TPM_SEED tpmDAASeed; 699// TPM_NONCE daaProff; 700// TPM_KEY daaBlobKey; 701//} TPM_PERMANENT_DATA; 702 703// 704// Part 2, section 7.4.1: PERMANENT_DATA Subcap for SetCapability 705// 706#define TPM_PD_REVMAJOR ((TPM_CAPABILITY_AREA) 1) 707#define TPM_PD_REVMINOR ((TPM_CAPABILITY_AREA) 2) 708#define TPM_PD_TPMPROOF ((TPM_CAPABILITY_AREA) 3) 709#define TPM_PD_OWNERAUTH ((TPM_CAPABILITY_AREA) 4) 710#define TPM_PD_OPERATORAUTH ((TPM_CAPABILITY_AREA) 5) 711#define TPM_PD_MANUMAINTPUB ((TPM_CAPABILITY_AREA) 6) 712#define TPM_PD_ENDORSEMENTKEY ((TPM_CAPABILITY_AREA) 7) 713#define TPM_PD_SRK ((TPM_CAPABILITY_AREA) 8) 714#define TPM_PD_DELEGATEKEY ((TPM_CAPABILITY_AREA) 9) 715#define TPM_PD_CONTEXTKEY ((TPM_CAPABILITY_AREA) 10) 716#define TPM_PD_AUDITMONOTONICCOUNTER ((TPM_CAPABILITY_AREA) 11) 717#define TPM_PD_MONOTONICCOUNTER ((TPM_CAPABILITY_AREA) 12) 718#define TPM_PD_PCRATTRIB ((TPM_CAPABILITY_AREA) 13) 719#define TPM_PD_ORDINALAUDITSTATUS ((TPM_CAPABILITY_AREA) 14) 720#define TPM_PD_AUTHDIR ((TPM_CAPABILITY_AREA) 15) 721#define TPM_PD_RNGSTATE ((TPM_CAPABILITY_AREA) 16) 722#define TPM_PD_FAMILYTABLE ((TPM_CAPABILITY_AREA) 17) 723#define TPM_DELEGATETABLE ((TPM_CAPABILITY_AREA) 18) 724#define TPM_PD_EKRESET ((TPM_CAPABILITY_AREA) 19) 725#define TPM_PD_MAXNVBUFSIZE ((TPM_CAPABILITY_AREA) 20) 726#define TPM_PD_LASTFAMILYID ((TPM_CAPABILITY_AREA) 21) 727#define TPM_PD_NOOWNERNVWRITE ((TPM_CAPABILITY_AREA) 22) 728#define TPM_PD_RESTRICTDELEGATE ((TPM_CAPABILITY_AREA) 23) 729#define TPM_PD_TPMDAASEED ((TPM_CAPABILITY_AREA) 24) 730#define TPM_PD_DAAPROOF ((TPM_CAPABILITY_AREA) 25) 731 732// 733// Part 2, section 7.5: TPM_STCLEAR_DATA 734// available inside TPM only 735// 736 typedef struct tdTPM_STCLEAR_DATA{ 737 TPM_STRUCTURE_TAG tag; 738 TPM_NONCE contextNonceKey; 739 TPM_COUNT_ID countID; 740 UINT32 ownerReference; 741 BOOLEAN disableResetLock; 742 TPM_PCRVALUE PCR[TPM_NUM_PCR]; 743 UINT32 deferredPhysicalPresence; 744 }TPM_STCLEAR_DATA; 745 746// 747// Part 2, section 7.5.1: STCLEAR_DATA Subcap for SetCapability 748// 749#define TPM_SD_CONTEXTNONCEKEY ((TPM_CAPABILITY_AREA)0x00000001) 750#define TPM_SD_COUNTID ((TPM_CAPABILITY_AREA)0x00000002) 751#define TPM_SD_OWNERREFERENCE ((TPM_CAPABILITY_AREA)0x00000003) 752#define TPM_SD_DISABLERESETLOCK ((TPM_CAPABILITY_AREA)0x00000004) 753#define TPM_SD_PCR ((TPM_CAPABILITY_AREA)0x00000005) 754#define TPM_SD_DEFERREDPHYSICALPRESENCE ((TPM_CAPABILITY_AREA)0x00000006) 755 756// 757// Part 2, section 7.6: TPM_STANY_DATA 758// available inside TPM only 759// 760//typedef struct tdTPM_STANY_DATA 761//{ 762// TPM_STRUCTURE_TAG tag; 763// TPM_NONCE contextNonceSession; 764// TPM_DIGEST auditDigest; 765// TPM_CURRENT_TICKS currentTicks; 766// UINT32 contextCount; 767// UINT32 contextList[TPM_MIN_SESSION_LIST]; 768// TPM_SESSION_DATA sessions[TPM_MIN_SESSIONS]; 769//} TPM_STANY_DATA; 770 771// 772// Part 2, section 7.6.1: STANY_DATA Subcap for SetCapability 773// 774#define TPM_AD_CONTEXTNONCESESSION ((TPM_CAPABILITY_AREA) 1) 775#define TPM_AD_AUDITDIGEST ((TPM_CAPABILITY_AREA) 2) 776#define TPM_AD_CURRENTTICKS ((TPM_CAPABILITY_AREA) 3) 777#define TPM_AD_CONTEXTCOUNT ((TPM_CAPABILITY_AREA) 4) 778#define TPM_AD_CONTEXTLIST ((TPM_CAPABILITY_AREA) 5) 779#define TPM_AD_SESSIONS ((TPM_CAPABILITY_AREA) 6) 780 781// 782// Part 2, section 8: PCR Structures 783// 784 785// 786// Part 2, section 8.1: TPM_PCR_SELECTION 787// Size of pcrSelect[] indicated by sizeOfSelect 788// 789typedef struct tdTPM_PCR_SELECTION { 790 UINT16 sizeOfSelect; 791 UINT8 pcrSelect[1]; 792} TPM_PCR_SELECTION; 793 794// 795// Part 2, section 8.2: TPM_PCR_COMPOSITE 796// Size of pcrValue[] indicated by valueSize 797// 798typedef struct tdTPM_PCR_COMPOSITE { 799 TPM_PCR_SELECTION select; 800 UINT32 valueSize; 801 TPM_PCRVALUE pcrValue[1]; 802} TPM_PCR_COMPOSITE; 803 804// 805// Part 2, section 8.3: TPM_PCR_INFO 806// 807typedef struct tdTPM_PCR_INFO { 808 TPM_PCR_SELECTION pcrSelection; 809 TPM_COMPOSITE_HASH digestAtRelease; 810 TPM_COMPOSITE_HASH digestAtCreation; 811} TPM_PCR_INFO; 812 813// 814// Part 2, section 8.6: TPM_LOCALITY_SELECTION 815// 816typedef UINT8 TPM_LOCALITY_SELECTION; 817 818#define TPM_LOC_FOUR ((UINT8) 0x10) 819#define TPM_LOC_THREE ((UINT8) 0x08) 820#define TPM_LOC_TWO ((UINT8) 0x04) 821#define TPM_LOC_ONE ((UINT8) 0x02) 822#define TPM_LOC_ZERO ((UINT8) 0x01) 823 824// 825// Part 2, section 8.4: TPM_PCR_INFO_LONG 826// 827typedef struct tdTPM_PCR_INFO_LONG { 828 TPM_STRUCTURE_TAG tag; 829 TPM_LOCALITY_SELECTION localityAtCreation; 830 TPM_LOCALITY_SELECTION localityAtRelease; 831 TPM_PCR_SELECTION creationPCRSelection; 832 TPM_PCR_SELECTION releasePCRSelection; 833 TPM_COMPOSITE_HASH digestAtCreation; 834 TPM_COMPOSITE_HASH digestAtRelease; 835} TPM_PCR_INFO_LONG; 836 837// 838// Part 2, section 8.5: TPM_PCR_INFO_SHORT 839// 840typedef struct tdTPM_PCR_INFO_SHORT{ 841 TPM_PCR_SELECTION pcrSelection; 842 TPM_LOCALITY_SELECTION localityAtRelease; 843 TPM_COMPOSITE_HASH digestAtRelease; 844} TPM_PCR_INFO_SHORT; 845 846// 847// Part 2, section 8.8: TPM_PCR_ATTRIBUTES 848// 849typedef struct tdTPM_PCR_ATTRIBUTES{ 850 BOOLEAN pcrReset; 851 TPM_LOCALITY_SELECTION pcrExtendLocal; 852 TPM_LOCALITY_SELECTION pcrResetLocal; 853} TPM_PCR_ATTRIBUTES; 854 855// 856// Part 2, section 9: Storage Structures 857// 858 859// 860// Part 2, section 9.1: TPM_STORED_DATA 861// [size_is(sealInfoSize)] BYTE* sealInfo; 862// [size_is(encDataSize)] BYTE* encData; 863// 864typedef struct tdTPM_STORED_DATA { 865 TPM_STRUCT_VER ver; 866 UINT32 sealInfoSize; 867 UINT8 *sealInfo; 868 UINT32 encDataSize; 869 UINT8 *encData; 870} TPM_STORED_DATA; 871 872// 873// Part 2, section 9.2: TPM_STORED_DATA12 874// [size_is(sealInfoSize)] BYTE* sealInfo; 875// [size_is(encDataSize)] BYTE* encData; 876// 877typedef struct tdTPM_STORED_DATA12 { 878 TPM_STRUCTURE_TAG tag; 879 TPM_ENTITY_TYPE et; 880 UINT32 sealInfoSize; 881 UINT8 *sealInfo; 882 UINT32 encDataSize; 883 UINT8 *encData; 884} TPM_STORED_DATA12; 885 886// 887// Part 2, section 9.3: TPM_SEALED_DATA 888// [size_is(dataSize)] BYTE* data; 889// 890typedef struct tdTPM_SEALED_DATA { 891 TPM_PAYLOAD_TYPE payload; 892 TPM_SECRET authData; 893 TPM_NONCE tpmProof; 894 TPM_DIGEST storedDigest; 895 UINT32 dataSize; 896 UINT8 *data; 897} TPM_SEALED_DATA; 898 899// 900// Part 2, section 9.4: TPM_SYMMETRIC_KEY 901// [size_is(size)] BYTE* data; 902// 903typedef struct tdTPM_SYMMETRIC_KEY { 904 TPM_ALGORITHM_ID algId; 905 TPM_ENC_SCHEME encScheme; 906 UINT16 dataSize; 907 UINT8 *data; 908} TPM_SYMMETRIC_KEY; 909 910// 911// Part 2, section 9.5: TPM_BOUND_DATA 912// 913typedef struct tdTPM_BOUND_DATA { 914 TPM_STRUCT_VER ver; 915 TPM_PAYLOAD_TYPE payload; 916 UINT8 payloadData[1]; 917} TPM_BOUND_DATA; 918 919// 920// Part 2 section 10: TPM_KEY complex 921// 922 923// 924// Part 2, section 10.2: TPM_KEY 925// [size_is(encDataSize)] BYTE* encData; 926// 927typedef struct tdTPM_KEY{ 928 TPM_STRUCT_VER ver; 929 TPM_KEY_USAGE keyUsage; 930 TPM_KEY_FLAGS keyFlags; 931 TPM_AUTH_DATA_USAGE authDataUsage; 932 TPM_KEY_PARMS algorithmParms; 933 UINT32 PCRInfoSize; 934 UINT8 *PCRInfo; 935 TPM_STORE_PUBKEY pubKey; 936 UINT32 encDataSize; 937 UINT8 *encData; 938} TPM_KEY; 939 940// 941// Part 2, section 10.3: TPM_KEY12 942// [size_is(encDataSize)] BYTE* encData; 943// 944typedef struct tdTPM_KEY12{ 945 TPM_STRUCTURE_TAG tag; 946 UINT16 fill; 947 TPM_KEY_USAGE keyUsage; 948 TPM_KEY_FLAGS keyFlags; 949 TPM_AUTH_DATA_USAGE authDataUsage; 950 TPM_KEY_PARMS algorithmParms; 951 UINT32 PCRInfoSize; 952 UINT8 *PCRInfo; 953 TPM_STORE_PUBKEY pubKey; 954 UINT32 encDataSize; 955 UINT8 *encData; 956} TPM_KEY12; 957 958// 959// Part 2, section 10.7: TPM_STORE_PRIVKEY 960// [size_is(keyLength)] BYTE* key; 961// 962typedef struct tdTPM_STORE_PRIVKEY { 963 UINT32 keyLength; 964 UINT8 *key; 965} TPM_STORE_PRIVKEY; 966 967// 968// Part 2, section 10.6: TPM_STORE_ASYMKEY 969// 970typedef struct tdTPM_STORE_ASYMKEY { // pos len total 971 TPM_PAYLOAD_TYPE payload; // 0 1 1 972 TPM_SECRET usageAuth; // 1 20 21 973 TPM_SECRET migrationAuth; // 21 20 41 974 TPM_DIGEST pubDataDigest; // 41 20 61 975 TPM_STORE_PRIVKEY privKey; // 61 132-151 193-214 976} TPM_STORE_ASYMKEY; 977 978// 979// Part 2, section 10.8: TPM_MIGRATE_ASYMKEY 980// [size_is(partPrivKeyLen)] BYTE* partPrivKey; 981// 982typedef struct tdTPM_MIGRATE_ASYMKEY { // pos len total 983 TPM_PAYLOAD_TYPE payload; // 0 1 1 984 TPM_SECRET usageAuth; // 1 20 21 985 TPM_DIGEST pubDataDigest; // 21 20 41 986 UINT32 partPrivKeyLen; // 41 4 45 987 UINT8 *partPrivKey; // 45 112-127 157-172 988} TPM_MIGRATE_ASYMKEY; 989 990// 991// Part 2, section 10.9: TPM_KEY_CONTROL 992// 993#define TPM_KEY_CONTROL_OWNER_EVICT ((UINT32) 0x00000001) 994 995// 996// Part 2, section 11: Signed Structures 997// 998 999typedef struct tdTPM_CERTIFY_INFO 1000{ 1001 TPM_STRUCT_VER version; 1002 TPM_KEY_USAGE keyUsage; 1003 TPM_KEY_FLAGS keyFlags; 1004 TPM_AUTH_DATA_USAGE authDataUsage; 1005 TPM_KEY_PARMS algorithmParms; 1006 TPM_DIGEST pubkeyDigest; 1007 TPM_NONCE data; 1008 BOOLEAN parentPCRStatus; 1009 UINT32 PCRInfoSize; 1010 UINT8 *PCRInfo; 1011} TPM_CERTIFY_INFO; 1012 1013typedef struct tdTPM_CERTIFY_INFO2 1014{ 1015 TPM_STRUCTURE_TAG tag; 1016 UINT8 fill; 1017 TPM_PAYLOAD_TYPE payloadType; 1018 TPM_KEY_USAGE keyUsage; 1019 TPM_KEY_FLAGS keyFlags; 1020 TPM_AUTH_DATA_USAGE authDataUsage; 1021 TPM_KEY_PARMS algorithmParms; 1022 TPM_DIGEST pubkeyDigest; 1023 TPM_NONCE data; 1024 BOOLEAN parentPCRStatus; 1025 UINT32 PCRInfoSize; 1026 UINT8 *PCRInfo; 1027 UINT32 migrationAuthoritySize; 1028 UINT8 *migrationAuthority; 1029} TPM_CERTIFY_INFO2; 1030 1031typedef struct tdTPM_QUOTE_INFO 1032{ 1033 TPM_STRUCT_VER version; 1034 UINT8 fixed[4]; 1035 TPM_COMPOSITE_HASH digestValue; 1036 TPM_NONCE externalData; 1037} TPM_QUOTE_INFO; 1038 1039typedef struct tdTPM_QUOTE_INFO2 1040{ 1041 TPM_STRUCTURE_TAG tag; 1042 UINT8 fixed[4]; 1043 TPM_NONCE externalData; 1044 TPM_PCR_INFO_SHORT infoShort; 1045} TPM_QUOTE_INFO2; 1046 1047// 1048// Part 2, section 12: Identity Structures 1049// 1050 1051typedef struct tdTPM_EK_BLOB 1052{ 1053 TPM_STRUCTURE_TAG tag; 1054 TPM_EK_TYPE ekType; 1055 UINT32 blobSize; 1056 UINT8 *blob; 1057} TPM_EK_BLOB; 1058 1059typedef struct tdTPM_EK_BLOB_ACTIVATE 1060{ 1061 TPM_STRUCTURE_TAG tag; 1062 TPM_SYMMETRIC_KEY sessionKey; 1063 TPM_DIGEST idDigest; 1064 TPM_PCR_INFO_SHORT pcrInfo; 1065} TPM_EK_BLOB_ACTIVATE; 1066 1067typedef struct tdTPM_EK_BLOB_AUTH 1068{ 1069 TPM_STRUCTURE_TAG tag; 1070 TPM_SECRET authValue; 1071} TPM_EK_BLOB_AUTH; 1072 1073 1074typedef struct tdTPM_IDENTITY_CONTENTS 1075{ 1076 TPM_STRUCT_VER ver; 1077 UINT32 ordinal; 1078 TPM_CHOSENID_HASH labelPrivCADigest; 1079 TPM_PUBKEY identityPubKey; 1080} TPM_IDENTITY_CONTENTS; 1081 1082typedef struct tdTPM_IDENTITY_REQ 1083{ 1084 UINT32 asymSize; 1085 UINT32 symSize; 1086 TPM_KEY_PARMS asymAlgorithm; 1087 TPM_KEY_PARMS symAlgorithm; 1088 UINT8 *asymBlob; 1089 UINT8 *symBlob; 1090} TPM_IDENTITY_REQ; 1091 1092typedef struct tdTPM_IDENTITY_PROOF 1093{ 1094 TPM_STRUCT_VER ver; 1095 UINT32 labelSize; 1096 UINT32 identityBindingSize; 1097 UINT32 endorsementSize; 1098 UINT32 platformSize; 1099 UINT32 conformanceSize; 1100 TPM_PUBKEY identityKey; 1101 UINT8 *labelArea; 1102 UINT8 *identityBinding; 1103 UINT8 *endorsementCredential; 1104 UINT8 *platformCredential; 1105 UINT8 *conformanceCredential; 1106} TPM_IDENTITY_PROOF; 1107 1108typedef struct tdTPM_ASYM_CA_CONTENTS 1109{ 1110 TPM_SYMMETRIC_KEY sessionKey; 1111 TPM_DIGEST idDigest; 1112} TPM_ASYM_CA_CONTENTS; 1113 1114typedef struct tdTPM_SYM_CA_ATTESTATION 1115{ 1116 UINT32 credSize; 1117 TPM_KEY_PARMS algorithm; 1118 UINT8 *credential; 1119} TPM_SYM_CA_ATTESTATION; 1120 1121// 1122// Part 2, section 15: TPM_CURRENT_TICKS 1123// Placed here out of order because definitions are used in section 13. 1124// 1125typedef struct tdTPM_CURRENT_TICKS { 1126 TPM_STRUCTURE_TAG tag; 1127 UINT64 currentTicks; 1128 UINT16 tickRate; 1129 TPM_NONCE tickNonce; 1130} TPM_CURRENT_TICKS; 1131 1132// 1133// Part 2, section 13: Transport structures 1134// 1135 1136#define TPM_TRANSPORT_ENCRYPT ((UINT32)0x00000001) 1137#define TPM_TRANSPORT_LOG ((UINT32)0x00000002) 1138#define TPM_TRANSPORT_EXCLUSIVE ((UINT32)0x00000004) 1139 1140typedef struct tdTPM_TRANSPORT_PUBLIC 1141{ 1142 TPM_STRUCTURE_TAG tag; 1143 TPM_TRANSPORT_ATTRIBUTES transAttributes; 1144 TPM_ALGORITHM_ID algId; 1145 TPM_ENC_SCHEME encScheme; 1146} TPM_TRANSPORT_PUBLIC; 1147 1148typedef struct tdTPM_TRANSPORT_INTERNAL 1149{ 1150 TPM_STRUCTURE_TAG tag; 1151 TPM_AUTHDATA authData; 1152 TPM_TRANSPORT_PUBLIC transPublic; 1153 TPM_TRANSHANDLE transHandle; 1154 TPM_NONCE transNonceEven; 1155 TPM_DIGEST transDigest; 1156} TPM_TRANSPORT_INTERNAL; 1157 1158typedef struct tdTPM_TRANSPORT_LOG_IN 1159{ 1160 TPM_STRUCTURE_TAG tag; 1161 TPM_DIGEST parameters; 1162 TPM_DIGEST pubKeyHash; 1163} TPM_TRANSPORT_LOG_IN; 1164 1165typedef struct tdTPM_TRANSPORT_LOG_OUT 1166{ 1167 TPM_STRUCTURE_TAG tag; 1168 TPM_CURRENT_TICKS currentTicks; 1169 TPM_DIGEST parameters; 1170 TPM_MODIFIER_INDICATOR locality; 1171} TPM_TRANSPORT_LOG_OUT; 1172 1173typedef struct tdTPM_TRANSPORT_AUTH 1174{ 1175 TPM_STRUCTURE_TAG tag; 1176 TPM_AUTHDATA authData; 1177} TPM_TRANSPORT_AUTH; 1178 1179// 1180// Part 2, section 14: Audit Structures 1181// 1182 1183typedef struct tdTPM_AUDIT_EVENT_IN 1184{ 1185 TPM_STRUCTURE_TAG tag; 1186 TPM_DIGEST inputParms; 1187 TPM_COUNTER_VALUE auditCount; 1188} TPM_AUDIT_EVENT_IN; 1189 1190typedef struct tdTPM_AUDIT_EVENT_OUT 1191{ 1192 TPM_STRUCTURE_TAG tag; 1193 TPM_COMMAND_CODE ordinal; 1194 TPM_DIGEST outputParms; 1195 TPM_COUNTER_VALUE auditCount; 1196 TPM_RESULT returnCode; 1197} TPM_AUDIT_EVENT_OUT; 1198 1199// 1200// Part 2, section 16: Return Codes 1201// 1202#ifndef TPM_BASE 1203#error "TPM Error Codes require definition of TPM_BASE" 1204#endif 1205 1206#define TPM_VENDOR_ERROR TPM_Vendor_Specific32 1207#define TPM_NON_FATAL 0x00000800 1208 1209#define TPM_SUCCESS ((TPM_RESULT) TPM_BASE) 1210#define TPM_AUTHFAIL ((TPM_RESULT) (TPM_BASE + 1)) 1211#define TPM_BADINDEX ((TPM_RESULT) (TPM_BASE + 2)) 1212#define TPM_BAD_PARAMETER ((TPM_RESULT) (TPM_BASE + 3)) 1213#define TPM_AUDITFAILURE ((TPM_RESULT) (TPM_BASE + 4)) 1214#define TPM_CLEAR_DISABLED ((TPM_RESULT) (TPM_BASE + 5)) 1215#define TPM_DEACTIVATED ((TPM_RESULT) (TPM_BASE + 6)) 1216#define TPM_DISABLED ((TPM_RESULT) (TPM_BASE + 7)) 1217#define TPM_DISABLED_CMD ((TPM_RESULT) (TPM_BASE + 8)) 1218#define TPM_FAIL ((TPM_RESULT) (TPM_BASE + 9)) 1219#define TPM_BAD_ORDINAL ((TPM_RESULT) (TPM_BASE + 10)) 1220#define TPM_INSTALL_DISABLED ((TPM_RESULT) (TPM_BASE + 11)) 1221#define TPM_INVALID_KEYHANDLE ((TPM_RESULT) (TPM_BASE + 12)) 1222#define TPM_KEYNOTFOUND ((TPM_RESULT) (TPM_BASE + 13)) 1223#define TPM_INAPPROPRIATE_ENC ((TPM_RESULT) (TPM_BASE + 14)) 1224#define TPM_MIGRATEFAIL ((TPM_RESULT) (TPM_BASE + 15)) 1225#define TPM_INVALID_PCR_INFO ((TPM_RESULT) (TPM_BASE + 16)) 1226#define TPM_NOSPACE ((TPM_RESULT) (TPM_BASE + 17)) 1227#define TPM_NOSRK ((TPM_RESULT) (TPM_BASE + 18)) 1228#define TPM_NOTSEALED_BLOB ((TPM_RESULT) (TPM_BASE + 19)) 1229#define TPM_OWNER_SET ((TPM_RESULT) (TPM_BASE + 20)) 1230#define TPM_RESOURCES ((TPM_RESULT) (TPM_BASE + 21)) 1231#define TPM_SHORTRANDOM ((TPM_RESULT) (TPM_BASE + 22)) 1232#define TPM_SIZE ((TPM_RESULT) (TPM_BASE + 23)) 1233#define TPM_WRONGPCRVAL ((TPM_RESULT) (TPM_BASE + 24)) 1234#define TPM_BAD_PARAM_SIZE ((TPM_RESULT) (TPM_BASE + 25)) 1235#define TPM_SHA_THREAD ((TPM_RESULT) (TPM_BASE + 26)) 1236#define TPM_SHA_ERROR ((TPM_RESULT) (TPM_BASE + 27)) 1237#define TPM_FAILEDSELFTEST ((TPM_RESULT) (TPM_BASE + 28)) 1238#define TPM_AUTH2FAIL ((TPM_RESULT) (TPM_BASE + 29)) 1239#define TPM_BADTAG ((TPM_RESULT) (TPM_BASE + 30)) 1240#define TPM_IOERROR ((TPM_RESULT) (TPM_BASE + 31)) 1241#define TPM_ENCRYPT_ERROR ((TPM_RESULT) (TPM_BASE + 32)) 1242#define TPM_DECRYPT_ERROR ((TPM_RESULT) (TPM_BASE + 33)) 1243#define TPM_INVALID_AUTHHANDLE ((TPM_RESULT) (TPM_BASE + 34)) 1244#define TPM_NO_ENDORSEMENT ((TPM_RESULT) (TPM_BASE + 35)) 1245#define TPM_INVALID_KEYUSAGE ((TPM_RESULT) (TPM_BASE + 36)) 1246#define TPM_WRONG_ENTITYTYPE ((TPM_RESULT) (TPM_BASE + 37)) 1247#define TPM_INVALID_POSTINIT ((TPM_RESULT) (TPM_BASE + 38)) 1248#define TPM_INAPPROPRIATE_SIG ((TPM_RESULT) (TPM_BASE + 39)) 1249#define TPM_BAD_KEY_PROPERTY ((TPM_RESULT) (TPM_BASE + 40)) 1250#define TPM_BAD_MIGRATION ((TPM_RESULT) (TPM_BASE + 41)) 1251#define TPM_BAD_SCHEME ((TPM_RESULT) (TPM_BASE + 42)) 1252#define TPM_BAD_DATASIZE ((TPM_RESULT) (TPM_BASE + 43)) 1253#define TPM_BAD_MODE ((TPM_RESULT) (TPM_BASE + 44)) 1254#define TPM_BAD_PRESENCE ((TPM_RESULT) (TPM_BASE + 45)) 1255#define TPM_BAD_VERSION ((TPM_RESULT) (TPM_BASE + 46)) 1256#define TPM_NO_WRAP_TRANSPORT ((TPM_RESULT) (TPM_BASE + 47)) 1257#define TPM_AUDITFAIL_UNSUCCESSFUL ((TPM_RESULT) (TPM_BASE + 48)) 1258#define TPM_AUDITFAIL_SUCCESSFUL ((TPM_RESULT) (TPM_BASE + 49)) 1259#define TPM_NOTRESETABLE ((TPM_RESULT) (TPM_BASE + 50)) 1260#define TPM_NOTLOCAL ((TPM_RESULT) (TPM_BASE + 51)) 1261#define TPM_BAD_TYPE ((TPM_RESULT) (TPM_BASE + 52)) 1262#define TPM_INVALID_RESOURCE ((TPM_RESULT) (TPM_BASE + 53)) 1263#define TPM_NOTFIPS ((TPM_RESULT) (TPM_BASE + 54)) 1264#define TPM_INVALID_FAMILY ((TPM_RESULT) (TPM_BASE + 55)) 1265#define TPM_NO_NV_PERMISSION ((TPM_RESULT) (TPM_BASE + 56)) 1266#define TPM_REQUIRES_SIGN ((TPM_RESULT) (TPM_BASE + 57)) 1267#define TPM_KEY_NOTSUPPORTED ((TPM_RESULT) (TPM_BASE + 58)) 1268#define TPM_AUTH_CONFLICT ((TPM_RESULT) (TPM_BASE + 59)) 1269#define TPM_AREA_LOCKED ((TPM_RESULT) (TPM_BASE + 60)) 1270#define TPM_BAD_LOCALITY ((TPM_RESULT) (TPM_BASE + 61)) 1271#define TPM_READ_ONLY ((TPM_RESULT) (TPM_BASE + 62)) 1272#define TPM_PER_NOWRITE ((TPM_RESULT) (TPM_BASE + 63)) 1273#define TPM_FAMILYCOUNT ((TPM_RESULT) (TPM_BASE + 64)) 1274#define TPM_WRITE_LOCKED ((TPM_RESULT) (TPM_BASE + 65)) 1275#define TPM_BAD_ATTRIBUTES ((TPM_RESULT) (TPM_BASE + 66)) 1276#define TPM_INVALID_STRUCTURE ((TPM_RESULT) (TPM_BASE + 67)) 1277#define TPM_KEY_OWNER_CONTROL ((TPM_RESULT) (TPM_BASE + 68)) 1278#define TPM_BAD_COUNTER ((TPM_RESULT) (TPM_BASE + 69)) 1279#define TPM_NOT_FULLWRITE ((TPM_RESULT) (TPM_BASE + 70)) 1280#define TPM_CONTEXT_GAP ((TPM_RESULT) (TPM_BASE + 71)) 1281#define TPM_MAXNVWRITES ((TPM_RESULT) (TPM_BASE + 72)) 1282#define TPM_NOOPERATOR ((TPM_RESULT) (TPM_BASE + 73)) 1283#define TPM_RESOURCEMISSING ((TPM_RESULT) (TPM_BASE + 74)) 1284#define TPM_DELEGATE_LOCK ((TPM_RESULT) (TPM_BASE + 75)) 1285#define TPM_DELEGATE_FAMILY ((TPM_RESULT) (TPM_BASE + 76)) 1286#define TPM_DELEGATE_ADMIN ((TPM_RESULT) (TPM_BASE + 77)) 1287#define TPM_TRANSPORT_NOTEXCLUSIVE ((TPM_RESULT) (TPM_BASE + 78)) 1288#define TPM_OWNER_CONTROL ((TPM_RESULT) (TPM_BASE + 79)) 1289#define TPM_DAA_RESOURCES ((TPM_RESULT) (TPM_BASE + 80)) 1290#define TPM_DAA_INPUT_DATA0 ((TPM_RESULT) (TPM_BASE + 81)) 1291#define TPM_DAA_INPUT_DATA1 ((TPM_RESULT) (TPM_BASE + 82)) 1292#define TPM_DAA_ISSUER_SETTINGS ((TPM_RESULT) (TPM_BASE + 83)) 1293#define TPM_DAA_TPM_SETTINGS ((TPM_RESULT) (TPM_BASE + 84)) 1294#define TPM_DAA_STAGE ((TPM_RESULT) (TPM_BASE + 85)) 1295#define TPM_DAA_ISSUER_VALIDITY ((TPM_RESULT) (TPM_BASE + 86)) 1296#define TPM_DAA_WRONG_W ((TPM_RESULT) (TPM_BASE + 87)) 1297#define TPM_BAD_HANDLE ((TPM_RESULT) (TPM_BASE + 88)) 1298#define TPM_BAD_DELEGATE ((TPM_RESULT) (TPM_BASE + 89)) 1299#define TPM_BADCONTEXT ((TPM_RESULT) (TPM_BASE + 90)) 1300#define TPM_TOOMANYCONTEXTS ((TPM_RESULT) (TPM_BASE + 91)) 1301#define TPM_MA_TICKET_SIGNATURE ((TPM_RESULT) (TPM_BASE + 92)) 1302#define TPM_MA_DESTINATION ((TPM_RESULT) (TPM_BASE + 93)) 1303#define TPM_MA_SOURCE ((TPM_RESULT) (TPM_BASE + 94)) 1304#define TPM_MA_AUTHORITY ((TPM_RESULT) (TPM_BASE + 95)) 1305#define TPM_PERMANENTEK ((TPM_RESULT) (TPM_BASE + 97)) 1306#define TPM_BAD_SIGNATURE ((TPM_RESULT) (TPM_BASE + 98)) 1307#define TPM_NOCONTEXTSPACE ((TPM_RESULT) (TPM_BASE + 99)) 1308 1309#define TPM_RETRY ((TPM_RESULT) (TPM_BASE + TPM_NON_FATAL)) 1310#define TPM_NEEDS_SELFTEST ((TPM_RESULT) (TPM_BASE + TPM_NON_FATAL + 1)) 1311#define TPM_DOING_SELFTEST ((TPM_RESULT) (TPM_BASE + TPM_NON_FATAL + 2)) 1312#define TPM_DEFEND_LOCK_RUNNING ((TPM_RESULT) (TPM_BASE + TPM_NON_FATAL + 3)) 1313 1314// 1315// Part 2, section 17: Ordinals 1316// 1317// Ordinals are 32 bit values. The upper byte contains values that serve as 1318// flag indicators, the next byte contains values indicating what committee 1319// designated the ordinal, and the final two bytes contain the Command 1320// Ordinal Index. 1321// 3 2 1 1322// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 1323// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1324// |P|C|V| Reserved| Purview | Command Ordinal Index | 1325// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1326// 1327// Where: 1328// 1329// * P is Protected/Unprotected command. When 0 the command is a Protected 1330// command, when 1 the command is an Unprotected command. 1331// 1332// * C is Non-Connection/Connection related command. When 0 this command 1333// passes through to either the protected (TPM) or unprotected (TSS) 1334// components. 1335// 1336// * V is TPM/Vendor command. When 0 the command is TPM defined, when 1 the 1337// command is vendor defined. 1338// 1339// * All reserved area bits are set to 0. 1340// 1341 1342#define TPM_ORD_ActivateIdentity ((TPM_COMMAND_CODE) 0x0000007A) 1343#define TPM_ORD_AuthorizeMigrationKey ((TPM_COMMAND_CODE) 0x0000002B) 1344#define TPM_ORD_CertifyKey ((TPM_COMMAND_CODE) 0x00000032) 1345#define TPM_ORD_CertifyKey2 ((TPM_COMMAND_CODE) 0x00000033) 1346#define TPM_ORD_CertifySelfTest ((TPM_COMMAND_CODE) 0x00000052) 1347#define TPM_ORD_ChangeAuth ((TPM_COMMAND_CODE) 0x0000000C) 1348#define TPM_ORD_ChangeAuthAsymFinish ((TPM_COMMAND_CODE) 0x0000000F) 1349#define TPM_ORD_ChangeAuthAsymStart ((TPM_COMMAND_CODE) 0x0000000E) 1350#define TPM_ORD_ChangeAuthOwner ((TPM_COMMAND_CODE) 0x00000010) 1351#define TPM_ORD_CMK_ApproveMA ((TPM_COMMAND_CODE) 0x0000001D) 1352#define TPM_ORD_CMK_ConvertMigration ((TPM_COMMAND_CODE) 0x00000024) 1353#define TPM_ORD_CMK_CreateBlob ((TPM_COMMAND_CODE) 0x0000001B) 1354#define TPM_ORD_CMK_CreateKey ((TPM_COMMAND_CODE) 0x00000013) 1355#define TPM_ORD_CMK_CreateTicket ((TPM_COMMAND_CODE) 0x00000012) 1356#define TPM_ORD_CMK_SetRestrictions ((TPM_COMMAND_CODE) 0x0000001C) 1357#define TPM_ORD_ContinueSelfTest ((TPM_COMMAND_CODE) 0x00000053) 1358#define TPM_ORD_ConvertMigrationBlob ((TPM_COMMAND_CODE) 0x0000002A) 1359#define TPM_ORD_CreateCounter ((TPM_COMMAND_CODE) 0x000000DC) 1360#define TPM_ORD_CreateEndorsementKeyPair ((TPM_COMMAND_CODE) 0x00000078) 1361#define TPM_ORD_CreateMaintenanceArchive ((TPM_COMMAND_CODE) 0x0000002C) 1362#define TPM_ORD_CreateMigrationBlob ((TPM_COMMAND_CODE) 0x00000028) 1363#define TPM_ORD_CreateRevocableEK ((TPM_COMMAND_CODE) 0x0000007F) 1364#define TPM_ORD_CreateWrapKey ((TPM_COMMAND_CODE) 0x0000001F) 1365#define TPM_ORD_DAA_JOIN ((TPM_COMMAND_CODE) 0x00000029) 1366#define TPM_ORD_DAA_SIGN ((TPM_COMMAND_CODE) 0x00000031) 1367#define TPM_ORD_Delegate_CreateKeyDelegation ((TPM_COMMAND_CODE) 0x000000D4) 1368#define TPM_ORD_Delegate_CreateOwnerDelegation ((TPM_COMMAND_CODE) 0x000000D5) 1369#define TPM_ORD_Delegate_LoadOwnerDelegation ((TPM_COMMAND_CODE) 0x000000D8) 1370#define TPM_ORD_Delegate_Manage ((TPM_COMMAND_CODE) 0x000000D2) 1371#define TPM_ORD_Delegate_ReadTable ((TPM_COMMAND_CODE) 0x000000DB) 1372#define TPM_ORD_Delegate_UpdateVerification ((TPM_COMMAND_CODE) 0x000000D1) 1373#define TPM_ORD_Delegate_VerifyDelegation ((TPM_COMMAND_CODE) 0x000000D6) 1374#define TPM_ORD_DirRead ((TPM_COMMAND_CODE) 0x0000001A) 1375#define TPM_ORD_DirWriteAuth ((TPM_COMMAND_CODE) 0x00000019) 1376#define TPM_ORD_DisableForceClear ((TPM_COMMAND_CODE) 0x0000005E) 1377#define TPM_ORD_DisableOwnerClear ((TPM_COMMAND_CODE) 0x0000005C) 1378#define TPM_ORD_DisablePubekRead ((TPM_COMMAND_CODE) 0x0000007E) 1379#define TPM_ORD_DSAP ((TPM_COMMAND_CODE) 0x00000011) 1380#define TPM_ORD_EstablishTransport ((TPM_COMMAND_CODE) 0x000000E6) 1381#define TPM_ORD_EvictKey ((TPM_COMMAND_CODE) 0x00000022) 1382#define TPM_ORD_ExecuteTransport ((TPM_COMMAND_CODE) 0x000000E7) 1383#define TPM_ORD_Extend ((TPM_COMMAND_CODE) 0x00000014) 1384#define TPM_ORD_FieldUpgrade ((TPM_COMMAND_CODE) 0x000000AA) 1385#define TPM_ORD_FlushSpecific ((TPM_COMMAND_CODE) 0x000000BA) 1386#define TPM_ORD_ForceClear ((TPM_COMMAND_CODE) 0x0000005D) 1387#define TPM_ORD_GetAuditDigest ((TPM_COMMAND_CODE) 0x00000085) 1388#define TPM_ORD_GetAuditDigestSigned ((TPM_COMMAND_CODE) 0x00000086) 1389#define TPM_ORD_GetAuditEvent ((TPM_COMMAND_CODE) 0x00000082) 1390#define TPM_ORD_GetAuditEventSigned ((TPM_COMMAND_CODE) 0x00000083) 1391#define TPM_ORD_GetCapability ((TPM_COMMAND_CODE) 0x00000065) 1392#define TPM_ORD_GetCapabilityOwner ((TPM_COMMAND_CODE) 0x00000066) 1393#define TPM_ORD_GetCapabilitySigned ((TPM_COMMAND_CODE) 0x00000064) 1394#define TPM_ORD_GetOrdinalAuditStatus ((TPM_COMMAND_CODE) 0x0000008C) 1395#define TPM_ORD_GetPubKey ((TPM_COMMAND_CODE) 0x00000021) 1396#define TPM_ORD_GetRandom ((TPM_COMMAND_CODE) 0x00000046) 1397#define TPM_ORD_GetTestResult ((TPM_COMMAND_CODE) 0x00000054) 1398#define TPM_ORD_GetTicks ((TPM_COMMAND_CODE) 0x000000F1) 1399#define TPM_ORD_IncrementCounter ((TPM_COMMAND_CODE) 0x000000DD) 1400#define TPM_ORD_Init ((TPM_COMMAND_CODE) 0x00000097) 1401#define TPM_ORD_KeyControlOwner ((TPM_COMMAND_CODE) 0x00000023) 1402#define TPM_ORD_KillMaintenanceFeature ((TPM_COMMAND_CODE) 0x0000002E) 1403#define TPM_ORD_LoadAuthContext ((TPM_COMMAND_CODE) 0x000000B7) 1404#define TPM_ORD_LoadContext ((TPM_COMMAND_CODE) 0x000000B9) 1405#define TPM_ORD_LoadKey ((TPM_COMMAND_CODE) 0x00000020) 1406#define TPM_ORD_LoadKey2 ((TPM_COMMAND_CODE) 0x00000041) 1407#define TPM_ORD_LoadKeyContext ((TPM_COMMAND_CODE) 0x000000B5) 1408#define TPM_ORD_LoadMaintenanceArchive ((TPM_COMMAND_CODE) 0x0000002D) 1409#define TPM_ORD_LoadManuMaintPub ((TPM_COMMAND_CODE) 0x0000002F) 1410#define TPM_ORD_MakeIdentity ((TPM_COMMAND_CODE) 0x00000079) 1411#define TPM_ORD_MigrateKey ((TPM_COMMAND_CODE) 0x00000025) 1412#define TPM_ORD_NV_DefineSpace ((TPM_COMMAND_CODE) 0x000000CC) 1413#define TPM_ORD_NV_ReadValue ((TPM_COMMAND_CODE) 0x000000CF) 1414#define TPM_ORD_NV_ReadValueAuth ((TPM_COMMAND_CODE) 0x000000D0) 1415#define TPM_ORD_NV_WriteValue ((TPM_COMMAND_CODE) 0x000000CD) 1416#define TPM_ORD_NV_WriteValueAuth ((TPM_COMMAND_CODE) 0x000000CE) 1417#define TPM_ORD_OIAP ((TPM_COMMAND_CODE) 0x0000000A) 1418#define TPM_ORD_OSAP ((TPM_COMMAND_CODE) 0x0000000B) 1419#define TPM_ORD_OwnerClear ((TPM_COMMAND_CODE) 0x0000005B) 1420#define TPM_ORD_OwnerReadInternalPub ((TPM_COMMAND_CODE) 0x00000081) 1421#define TPM_ORD_OwnerReadPubek ((TPM_COMMAND_CODE) 0x0000007D) 1422#define TPM_ORD_OwnerSetDisable ((TPM_COMMAND_CODE) 0x0000006E) 1423#define TPM_ORD_PCR_Reset ((TPM_COMMAND_CODE) 0x000000C8) 1424#define TPM_ORD_PcrRead ((TPM_COMMAND_CODE) 0x00000015) 1425#define TPM_ORD_PhysicalDisable ((TPM_COMMAND_CODE) 0x00000070) 1426#define TPM_ORD_PhysicalEnable ((TPM_COMMAND_CODE) 0x0000006F) 1427#define TPM_ORD_PhysicalSetDeactivated ((TPM_COMMAND_CODE) 0x00000072) 1428#define TPM_ORD_Quote ((TPM_COMMAND_CODE) 0x00000016) 1429#define TPM_ORD_Quote2 ((TPM_COMMAND_CODE) 0x0000003E) 1430#define TPM_ORD_ReadCounter ((TPM_COMMAND_CODE) 0x000000DE) 1431#define TPM_ORD_ReadManuMaintPub ((TPM_COMMAND_CODE) 0x00000030) 1432#define TPM_ORD_ReadPubek ((TPM_COMMAND_CODE) 0x0000007C) 1433#define TPM_ORD_ReleaseCounter ((TPM_COMMAND_CODE) 0x000000DF) 1434#define TPM_ORD_ReleaseCounterOwner ((TPM_COMMAND_CODE) 0x000000E0) 1435#define TPM_ORD_ReleaseTransportSigned ((TPM_COMMAND_CODE) 0x000000E8) 1436#define TPM_ORD_Reset ((TPM_COMMAND_CODE) 0x0000005A) 1437#define TPM_ORD_ResetLockValue ((TPM_COMMAND_CODE) 0x00000040) 1438#define TPM_ORD_RevokeTrust ((TPM_COMMAND_CODE) 0x00000080) 1439#define TPM_ORD_SaveAuthContext ((TPM_COMMAND_CODE) 0x000000B6) 1440#define TPM_ORD_SaveContext ((TPM_COMMAND_CODE) 0x000000B8) 1441#define TPM_ORD_SaveKeyContext ((TPM_COMMAND_CODE) 0x000000B4) 1442#define TPM_ORD_SaveState ((TPM_COMMAND_CODE) 0x00000098) 1443#define TPM_ORD_Seal ((TPM_COMMAND_CODE) 0x00000017) 1444#define TPM_ORD_Sealx ((TPM_COMMAND_CODE) 0x0000003D) 1445#define TPM_ORD_SelfTestFull ((TPM_COMMAND_CODE) 0x00000050) 1446#define TPM_ORD_SetCapability ((TPM_COMMAND_CODE) 0x0000003F) 1447#define TPM_ORD_SetOperatorAuth ((TPM_COMMAND_CODE) 0x00000074) 1448#define TPM_ORD_SetOrdinalAuditStatus ((TPM_COMMAND_CODE) 0x0000008D) 1449#define TPM_ORD_SetOwnerInstall ((TPM_COMMAND_CODE) 0x00000071) 1450#define TPM_ORD_SetOwnerPointer ((TPM_COMMAND_CODE) 0x00000075) 1451#define TPM_ORD_SetRedirection ((TPM_COMMAND_CODE) 0x0000009A) 1452#define TPM_ORD_SetTempDeactivated ((TPM_COMMAND_CODE) 0x00000073) 1453#define TPM_ORD_SHA1Complete ((TPM_COMMAND_CODE) 0x000000A2) 1454#define TPM_ORD_SHA1CompleteExtend ((TPM_COMMAND_CODE) 0x000000A3) 1455#define TPM_ORD_SHA1Start ((TPM_COMMAND_CODE) 0x000000A0) 1456#define TPM_ORD_SHA1Update ((TPM_COMMAND_CODE) 0x000000A1) 1457#define TPM_ORD_Sign ((TPM_COMMAND_CODE) 0x0000003C) 1458#define TPM_ORD_Startup ((TPM_COMMAND_CODE) 0x00000099) 1459#define TPM_ORD_StirRandom ((TPM_COMMAND_CODE) 0x00000047) 1460#define TPM_ORD_TakeOwnership ((TPM_COMMAND_CODE) 0x0000000D) 1461#define TPM_ORD_Terminate_Handle ((TPM_COMMAND_CODE) 0x00000096) 1462#define TPM_ORD_TickStampBlob ((TPM_COMMAND_CODE) 0x000000F2) 1463#define TPM_ORD_UnBind ((TPM_COMMAND_CODE) 0x0000001E) 1464#define TPM_ORD_Unseal ((TPM_COMMAND_CODE) 0x00000018) 1465#define TSC_ORD_PhysicalPresence ((TPM_COMMAND_CODE) 0x4000000A) 1466#define TSC_ORD_ResetEstablishmentBit ((TPM_COMMAND_CODE) 0x4000000B) 1467 1468// 1469// Part 2, section 18: Context structures 1470// 1471 1472typedef struct tdTPM_CONTEXT_BLOB 1473{ 1474 TPM_STRUCTURE_TAG tag; 1475 TPM_RESOURCE_TYPE resourceType; 1476 TPM_HANDLE handle; 1477 UINT8 label[16]; 1478 UINT32 contextCount; 1479 TPM_DIGEST integrityDigest; 1480 UINT32 additionalSize; 1481 UINT8 *additionalData; 1482 UINT32 sensitiveSize; 1483 UINT8 *sensitiveData; 1484} TPM_CONTEXT_BLOB; 1485 1486typedef struct tdTPM_CONTEXT_SENSITIVE 1487{ 1488 TPM_STRUCTURE_TAG tag; 1489 TPM_NONCE contextNonce; 1490 UINT32 internalSize; 1491 UINT8 *internalData; 1492} TPM_CONTEXT_SENSITIVE; 1493 1494// 1495// Part 2, section 19: NV Structures 1496// 1497 1498#define TPM_NV_INDEX_LOCK ((UINT32)0xffffffff) 1499#define TPM_NV_INDEX0 ((UINT32)0x00000000) 1500#define TPM_NV_INDEX_DIR ((UINT32)0x10000001) 1501#define TPM_NV_INDEX_EKCert ((UINT32)0x0000f000) 1502#define TPM_NV_INDEX_TPM_CC ((UINT32)0x0000f001) 1503#define TPM_NV_INDEX_PlatformCert ((UINT32)0x0000f002) 1504#define TPM_NV_INDEX_Platform_CC ((UINT32)0x0000f003) 1505// The following define ranges of reserved indices. 1506#define TPM_NV_INDEX_TSS_BASE ((UINT32)0x00011100) 1507#define TPM_NV_INDEX_PC_BASE ((UINT32)0x00011200) 1508#define TPM_NV_INDEX_SERVER_BASE ((UINT32)0x00011300) 1509#define TPM_NV_INDEX_MOBILE_BASE ((UINT32)0x00011400) 1510#define TPM_NV_INDEX_PERIPHERAL_BASE ((UINT32)0x00011500) 1511#define TPM_NV_INDEX_GROUP_RESV_BASE ((UINT32)0x00010000) 1512 1513typedef UINT32 TPM_NV_PER_ATTRIBUTES; 1514// The typedefs TPM_NV_PER_ATTRIBUTES (not present in TPM 1.2 Spec. have been added 1515// and structure fields that were to hold the following values 1516#define TPM_NV_PER_READ_STCLEAR (((UINT32)1)<<31) 1517#define TPM_NV_PER_AUTHREAD (((UINT32)1)<<18) 1518#define TPM_NV_PER_OWNERREAD (((UINT32)1)<<17) 1519#define TPM_NV_PER_PPREAD (((UINT32)1)<<16) 1520#define TPM_NV_PER_GLOBALLOCK (((UINT32)1)<<15) 1521#define TPM_NV_PER_WRITE_STCLEAR (((UINT32)1)<<14) 1522#define TPM_NV_PER_WRITEDEFINE (((UINT32)1)<<13) 1523#define TPM_NV_PER_WRITEALL (((UINT32)1)<<12) 1524#define TPM_NV_PER_AUTHWRITE (((UINT32)1)<<2) 1525#define TPM_NV_PER_OWNERWRITE (((UINT32)1)<<1) 1526#define TPM_NV_PER_PPWRITE (((UINT32)1)<<0) 1527 1528typedef struct tdTPM_NV_ATTRIBUTES 1529{ 1530 TPM_STRUCTURE_TAG tag; 1531 TPM_NV_PER_ATTRIBUTES attributes; 1532} TPM_NV_ATTRIBUTES; 1533 1534 1535typedef struct tdTPM_NV_DATA_PUBLIC 1536{ 1537 TPM_STRUCTURE_TAG tag; 1538 TPM_NV_INDEX nvIndex; 1539 TPM_PCR_INFO_SHORT pcrInfoRead; 1540 TPM_PCR_INFO_SHORT pcrInfoWrite; 1541 TPM_NV_ATTRIBUTES permission; 1542 BOOLEAN bReadSTClear; 1543 BOOLEAN bWriteSTClear; 1544 BOOLEAN bWriteDefine; 1545 UINT32 dataSize; 1546} TPM_NV_DATA_PUBLIC; 1547 1548 1549 1550// Internal to TPM: 1551//typedef struct tdTPM_NV_DATA_SENSITIVE 1552//{ 1553// TPM_STRUCTURE_TAG tag; 1554// TPM_NV_DATA_PUBLIC pubInfo; 1555// TPM_AUTHDATA authValue; 1556// UINT8 *data; 1557//} TPM_NV_DATA_SENSITIVE; 1558 1559 1560// 1561// Part 2, section 20: Delegation 1562// 1563 1564// 1565// Part 2, section 20.2.1: Owner Permissions Settings for per1 bits 1566// 1567#define TPM_DELEGATE_SetOrdinalAuditStatus (((UINT32)1)<<30) 1568#define TPM_DELEGATE_DirWriteAuth (((UINT32)1)<<29) 1569#define TPM_DELEGATE_CMK_ApproveMA (((UINT32)1)<<28) 1570#define TPM_DELEGATE_NV_WriteValue (((UINT32)1)<<27) 1571#define TPM_DELEGATE_CMK_CreateTicket (((UINT32)1)<<26) 1572#define TPM_DELEGATE_NV_ReadValue (((UINT32)1)<<25) 1573#define TPM_DELEGATE_Delegate_LoadOwnerDelegation (((UINT32)1)<<24) 1574#define TPM_DELEGATE_DAA_Join (((UINT32)1)<<23) 1575#define TPM_DELEGATE_AuthorizeMigrationKey (((UINT32)1)<<22) 1576#define TPM_DELEGATE_CreateMaintenanceArchive (((UINT32)1)<<21) 1577#define TPM_DELEGATE_LoadMaintenanceArchive (((UINT32)1)<<20) 1578#define TPM_DELEGATE_KillMaintenanceFeature (((UINT32)1)<<19) 1579#define TPM_DELEGATE_OwnerReadInteralPub (((UINT32)1)<<18) 1580#define TPM_DELEGATE_ResetLockValue (((UINT32)1)<<17) 1581#define TPM_DELEGATE_OwnerClear (((UINT32)1)<<16) 1582#define TPM_DELEGATE_DisableOwnerClear (((UINT32)1)<<15) 1583#define TPM_DELEGATE_NV_DefineSpace (((UINT32)1)<<14) 1584#define TPM_DELEGATE_OwnerSetDisable (((UINT32)1)<<13) 1585#define TPM_DELEGATE_SetCapability (((UINT32)1)<<12) 1586#define TPM_DELEGATE_MakeIdentity (((UINT32)1)<<11) 1587#define TPM_DELEGATE_ActivateIdentity (((UINT32)1)<<10) 1588#define TPM_DELEGATE_OwnerReadPubek (((UINT32)1)<<9) 1589#define TPM_DELEGATE_DisablePubekRead (((UINT32)1)<<8) 1590#define TPM_DELEGATE_SetRedirection (((UINT32)1)<<7) 1591#define TPM_DELEGATE_FieldUpgrade (((UINT32)1)<<6) 1592#define TPM_DELEGATE_Delegate_UpdateVerification (((UINT32)1)<<5) 1593#define TPM_DELEGATE_CreateCounter (((UINT32)1)<<4) 1594#define TPM_DELEGATE_ReleaseCounterOwner (((UINT32)1)<<3) 1595#define TPM_DELEGATE_DelegateManage (((UINT32)1)<<2) 1596#define TPM_DELEGATE_Delegate_CreateOwnerDelegation (((UINT32)1)<<1) 1597#define TPM_DELEGATE_DAA_Sign (((UINT32)1)<<0) 1598 1599// 1600// Part 2, section 20.2.3: Key Permissions Settings for per1 bits 1601// 1602#define TPM_KEY_DELEGATE_CMK_ConvertMigration (((UINT32)1)<<28) 1603#define TPM_KEY_DELEGATE_TickStampBlob (((UINT32)1)<<27) 1604#define TPM_KEY_DELEGATE_ChangeAuthAsymStart (((UINT32)1)<<26) 1605#define TPM_KEY_DELEGATE_ChangeAuthAsymFinish (((UINT32)1)<<25) 1606#define TPM_KEY_DELEGATE_CMK_CreateKey (((UINT32)1)<<24) 1607#define TPM_KEY_DELEGATE_MigrateKey (((UINT32)1)<<23) 1608#define TPM_KEY_DELEGATE_LoadKey2 (((UINT32)1)<<22) 1609#define TPM_KEY_DELEGATE_EstablishTransport (((UINT32)1)<<21) 1610#define TPM_KEY_DELEGATE_ReleaseTransportSigned (((UINT32)1)<<20) 1611#define TPM_KEY_DELEGATE_Quote2 (((UINT32)1)<<19) 1612#define TPM_KEY_DELEGATE_Sealx (((UINT32)1)<<18) 1613#define TPM_KEY_DELEGATE_MakeIdentity (((UINT32)1)<<17) 1614#define TPM_KEY_DELEGATE_ActivateIdentity (((UINT32)1)<<16) 1615#define TPM_KEY_DELEGATE_GetAuditDigestSigned (((UINT32)1)<<15) 1616#define TPM_KEY_DELEGATE_Sign (((UINT32)1)<<14) 1617#define TPM_KEY_DELEGATE_CertifyKey2 (((UINT32)1)<<13) 1618#define TPM_KEY_DELEGATE_CertifyKey (((UINT32)1)<<12) 1619#define TPM_KEY_DELEGATE_CreateWrapKey (((UINT32)1)<<11) 1620#define TPM_KEY_DELEGATE_CMK_CreateBlob (((UINT32)1)<<10) 1621#define TPM_KEY_DELEGATE_CreateMigrationBlob (((UINT32)1)<<9) 1622#define TPM_KEY_DELEGATE_ConvertMigrationBlob (((UINT32)1)<<8) 1623#define TPM_KEY_DELEGATE_CreateKeyDelegation (((UINT32)1)<<7) 1624#define TPM_KEY_DELEGATE_ChangeAuth (((UINT32)1)<<6) 1625#define TPM_KEY_DELEGATE_GetPubKey (((UINT32)1)<<5) 1626#define TPM_KEY_DELEGATE_UnBind (((UINT32)1)<<4) 1627#define TPM_KEY_DELEGATE_Quote (((UINT32)1)<<3) 1628#define TPM_KEY_DELEGATE_Unseal (((UINT32)1)<<2) 1629#define TPM_KEY_DELEGATE_Seal (((UINT32)1)<<1) 1630#define TPM_KEY_DELEGATE_LoadKey (((UINT32)1)<<0) 1631 1632#define TPM_FAMILY_CREATE ((UINT32)0x00000001) 1633#define TPM_FAMILY_ENABLE ((UINT32)0x00000002) 1634#define TPM_FAMILY_ADMIN ((UINT32)0x00000003) 1635#define TPM_FAMILY_INVALIDATE ((UINT32)0x00000004) 1636 1637#define TPM_FAMFLAG_DELEGATE_ADMIN_LOCK (((UINT32)1)<<1) 1638#define TPM_FAMFLAG_ENABLE (((UINT32)1)<<0) 1639 1640typedef struct tdTPM_FAMILY_LABEL 1641{ 1642 UINT8 label; 1643} TPM_FAMILY_LABEL; 1644 1645typedef struct tdTPM_FAMILY_TABLE_ENTRY 1646{ 1647 TPM_STRUCTURE_TAG tag; 1648 TPM_FAMILY_LABEL label; 1649 TPM_FAMILY_ID familyID; 1650 TPM_FAMILY_VERIFICATION verificationCount; 1651 TPM_FAMILY_FLAGS flags; 1652} TPM_FAMILY_TABLE_ENTRY; 1653 1654#define TPM_FAMILY_TABLE_ENTRY_MIN 8 1655//typedef struct tdTPM_FAMILY_TABLE 1656//{ 1657// TPM_FAMILY_TABLE_ENTRY FamTableRow[TPM_NUM_FAMILY_TABLE_ENTRY_MIN]; 1658//} TPM_FAMILY_TABLE; 1659 1660 1661typedef struct tdTPM_DELEGATE_LABEL 1662{ 1663 UINT8 label; 1664} TPM_DELEGATE_LABEL; 1665 1666 1667typedef UINT32 TPM_DELEGATE_TYPE; 1668#define TPM_DEL_OWNER_BITS ((UINT32)0x00000001) 1669#define TPM_DEL_KEY_BITS ((UINT32)0x00000002) 1670 1671typedef struct tdTPM_DELEGATIONS 1672{ 1673 TPM_STRUCTURE_TAG tag; 1674 TPM_DELEGATE_TYPE delegateType; 1675 UINT32 per1; 1676 UINT32 per2; 1677} TPM_DELEGATIONS; 1678 1679typedef struct tdTPM_DELEGATE_PUBLIC 1680{ 1681 TPM_STRUCTURE_TAG tag; 1682 TPM_DELEGATE_LABEL label; 1683 TPM_PCR_INFO_SHORT pcrInfo; 1684 TPM_DELEGATIONS permissions; 1685 TPM_FAMILY_ID familyID; 1686 TPM_FAMILY_VERIFICATION verificationCount; 1687} TPM_DELEGATE_PUBLIC; 1688 1689typedef struct tdTPM_DELEGATE_TABLE_ROW 1690{ 1691 TPM_STRUCTURE_TAG tag; 1692 TPM_DELEGATE_PUBLIC pub; 1693 TPM_SECRET authValue; 1694} TPM_DELEGATE_TABLE_ROW; 1695 1696 1697#define TPM_NUM_DELEGATE_TABLE_ENTRY_MIN 2 1698//typedef struct tdTPM_DELEGATE_TABLE 1699//{ 1700// TPM_DELEGATE_TABLE_ROW delRow[TPM_NUM_DELEGATE_TABLE_ENTRY_MIN]; 1701//} TPM_DELEGATE_TABLE; 1702 1703typedef struct tdTPM_DELEGATE_SENSITIVE 1704{ 1705 TPM_STRUCTURE_TAG tag; 1706 TPM_SECRET authValue; 1707} TPM_DELEGATE_SENSITIVE; 1708 1709typedef struct tdTPM_DELEGATE_OWNER_BLOB 1710{ 1711 TPM_STRUCTURE_TAG tag; 1712 TPM_DELEGATE_PUBLIC pub; 1713 TPM_DIGEST integrityDigest; 1714 UINT32 additionalSize; 1715 UINT8 *additionalArea; 1716 UINT32 sensitiveSize; 1717 UINT8 *sensitiveArea; 1718} TPM_DELEGATE_OWNER_BLOB; 1719 1720typedef struct tdTPM_DELEGATE_KEY_BLOB 1721{ 1722 TPM_STRUCTURE_TAG tag; 1723 TPM_DELEGATE_PUBLIC pub; 1724 TPM_DIGEST integrityDigest; 1725 TPM_DIGEST pubKeyDigest; 1726 UINT32 additionalSize; 1727 UINT8 *additionalArea; 1728 UINT32 sensitiveSize; 1729 UINT8 *sensitiveArea; 1730} TPM_DELEGATE_KEY_BLOB; 1731 1732// 1733// Part 2, section 21.1: TPM_CAPABILITY_AREA for GetCapability 1734// 1735#define TPM_CAP_ORD ((TPM_CAPABILITY_AREA) 0x00000001) 1736#define TPM_CAP_ALG ((TPM_CAPABILITY_AREA) 0x00000002) 1737#define TPM_CAP_PID ((TPM_CAPABILITY_AREA) 0x00000003) 1738#define TPM_CAP_FLAG ((TPM_CAPABILITY_AREA) 0x00000004) 1739#define TPM_CAP_PROPERTY ((TPM_CAPABILITY_AREA) 0x00000005) 1740#define TPM_CAP_VERSION ((TPM_CAPABILITY_AREA) 0x00000006) 1741#define TPM_CAP_KEY_HANDLE ((TPM_CAPABILITY_AREA) 0x00000007) 1742#define TPM_CAP_CHECK_LOADED ((TPM_CAPABILITY_AREA) 0x00000008) 1743#define TPM_CAP_SYM_MODE ((TPM_CAPABILITY_AREA) 0x00000009) 1744#define TPM_CAP_KEY_STATUS ((TPM_CAPABILITY_AREA) 0x0000000C) 1745#define TPM_CAP_NV_LIST ((TPM_CAPABILITY_AREA) 0x0000000D) 1746#define TPM_CAP_MFR ((TPM_CAPABILITY_AREA) 0x00000010) 1747#define TPM_CAP_NV_INDEX ((TPM_CAPABILITY_AREA) 0x00000011) 1748#define TPM_CAP_TRANS_ALG ((TPM_CAPABILITY_AREA) 0x00000012) 1749#define TPM_CAP_HANDLE ((TPM_CAPABILITY_AREA) 0x00000014) 1750#define TPM_CAP_TRANS_ES ((TPM_CAPABILITY_AREA) 0x00000015) 1751#define TPM_CAP_AUTH_ENCRYPT ((TPM_CAPABILITY_AREA) 0x00000017) 1752#define TPM_CAP_SELECT_SIZE ((TPM_CAPABILITY_AREA) 0x00000018) 1753#define TPM_CAP_VERSION_VAL ((TPM_CAPABILITY_AREA) 0x0000001A) 1754 1755#define TPM_CAP_FLAG_PERMANENT ((TPM_CAPABILITY_AREA) 0x00000108) 1756#define TPM_CAP_FLAG_VOLATILE ((TPM_CAPABILITY_AREA) 0x00000109) 1757 1758// 1759// Part 2, section 21.2: CAP_PROPERTY Subcap values for GetCapability 1760// 1761#define TPM_CAP_PROP_PCR ((TPM_CAPABILITY_AREA) 0x00000101) 1762#define TPM_CAP_PROP_DIR ((TPM_CAPABILITY_AREA) 0x00000102) 1763#define TPM_CAP_PROP_MANUFACTURER ((TPM_CAPABILITY_AREA) 0x00000103) 1764#define TPM_CAP_PROP_KEYS ((TPM_CAPABILITY_AREA) 0x00000104) 1765#define TPM_CAP_PROP_MIN_COUNTER ((TPM_CAPABILITY_AREA) 0x00000107) 1766#define TPM_CAP_PROP_AUTHSESS ((TPM_CAPABILITY_AREA) 0x0000010A) 1767#define TPM_CAP_PROP_TRANSESS ((TPM_CAPABILITY_AREA) 0x0000010B) 1768#define TPM_CAP_PROP_COUNTERS ((TPM_CAPABILITY_AREA) 0x0000010C) 1769#define TPM_CAP_PROP_MAX_AUTHSESS ((TPM_CAPABILITY_AREA) 0x0000010D) 1770#define TPM_CAP_PROP_MAX_TRANSESS ((TPM_CAPABILITY_AREA) 0x0000010E) 1771#define TPM_CAP_PROP_MAX_COUNTERS ((TPM_CAPABILITY_AREA) 0x0000010F) 1772#define TPM_CAP_PROP_MAX_KEYS ((TPM_CAPABILITY_AREA) 0x00000110) 1773#define TPM_CAP_PROP_OWNER ((TPM_CAPABILITY_AREA) 0x00000111) 1774#define TPM_CAP_PROP_CONTEXT ((TPM_CAPABILITY_AREA) 0x00000112) 1775#define TPM_CAP_PROP_MAX_CONTEXT ((TPM_CAPABILITY_AREA) 0x00000113) 1776#define TPM_CAP_PROP_FAMILYROWS ((TPM_CAPABILITY_AREA) 0x00000114) 1777#define TPM_CAP_PROP_TIS_TIMEOUT ((TPM_CAPABILITY_AREA) 0x00000115) 1778#define TPM_CAP_PROP_STARTUP_EFFECT ((TPM_CAPABILITY_AREA) 0x00000116) 1779#define TPM_CAP_PROP_DELEGATE_ROW ((TPM_CAPABILITY_AREA) 0x00000117) 1780#define TPM_CAP_PROP_DAA_MAX ((TPM_CAPABILITY_AREA) 0x00000119) 1781#define CAP_PROP_SESSION_DAA ((TPM_CAPABILITY_AREA) 0x0000011A) 1782#define TPM_CAP_PROP_CONTEXT_DIST ((TPM_CAPABILITY_AREA) 0x0000011B) 1783#define TPM_CAP_PROP_DAA_INTERRUPT ((TPM_CAPABILITY_AREA) 0x0000011C) 1784#define TPM_CAP_PROP_SESSIONS ((TPM_CAPABILITY_AREA) 0x0000011D) 1785#define TPM_CAP_PROP_MAX_SESSIONS ((TPM_CAPABILITY_AREA) 0x0000011E) 1786#define TPM_CAP_PROP_CMK_RESTRICTION ((TPM_CAPABILITY_AREA) 0x0000011F) 1787#define TPM_CAP_PROP_DURATION ((TPM_CAPABILITY_AREA) 0x00000120) 1788#define TPM_CAP_PROP_ACTIVE_COUNTER ((TPM_CAPABILITY_AREA) 0x00000122) 1789#define TPM_CAP_PROP_MAX_NV_AVAILABLE ((TPM_CAPABILITY_AREA) 0x00000123) 1790#define TPM_CAP_PROP_INPUT_BUFFER ((TPM_CAPABILITY_AREA) 0x00000124) 1791 1792// 1793// Part 2, section 21.4: TPM_CAPABILITY_AREA for SetCapability 1794// 1795#define TPM_SET_PERM_FLAGS ((TPM_CAPABILITY_AREA) 0x00000001) 1796#define TPM_SET_PERM_DATA ((TPM_CAPABILITY_AREA) 0x00000002) 1797#define TPM_SET_STCLEAR_FLAGS ((TPM_CAPABILITY_AREA) 0x00000003) 1798#define TPM_SET_STCLEAR_DATA ((TPM_CAPABILITY_AREA) 0x00000004) 1799#define TPM_SET_STANY_FLAGS ((TPM_CAPABILITY_AREA) 0x00000005) 1800#define TPM_SET_STANY_DATA ((TPM_CAPABILITY_AREA) 0x00000006) 1801 1802// Part 2, section 21.6: TPM_CAP_VERSION_INFO 1803// [size_is(vendorSpecificSize)] BYTE* vendorSpecific; 1804// 1805typedef struct tdTPM_CAP_VERSION_INFO { 1806 TPM_STRUCTURE_TAG tag; 1807 TPM_VERSION version; 1808 UINT16 specLevel; 1809 UINT8 errataRev; 1810 UINT8 tpmVendorID[4]; 1811 UINT16 vendorSpecificSize; 1812 UINT8 *vendorSpecific; 1813} TPM_CAP_VERSION_INFO; 1814 1815// 1816// Part 2, section 21.10: TPM_DA_ACTION_TYPE 1817// 1818typedef struct tdTPM_DA_ACTION_TYPE { 1819 TPM_STRUCTURE_TAG tag; 1820 UINT32 actions; 1821} TPM_DA_ACTION_TYPE; 1822 1823#define TPM_DA_ACTION_FAILURE_MODE (((UINT32)1)<<3) 1824#define TPM_DA_ACTION_DEACTIVATE (((UINT32)1)<<2) 1825#define TPM_DA_ACTION_DISABLE (((UINT32)1)<<1) 1826#define TPM_DA_ACTION_TIMEOUT (((UINT32)1)<<0) 1827 1828// 1829// Part 2, section 21.7: TPM_DA_INFO 1830// 1831typedef struct tdTPM_DA_INFO { 1832 TPM_STRUCTURE_TAG tag; 1833 TPM_DA_STATE state; 1834 UINT16 currentCount; 1835 UINT16 thresholdCount; 1836 TPM_DA_ACTION_TYPE actionAtThreshold; 1837 UINT32 actionDependValue; 1838 UINT32 vendorDataSize; 1839 UINT8 *vendorData; 1840} TPM_DA_INFO; 1841 1842// 1843// Part 2, section 21.8: TPM_DA_INFO_LIMITED 1844// 1845typedef struct tdTPM_DA_INFO_LIMITED { 1846 TPM_STRUCTURE_TAG tag; 1847 TPM_DA_STATE state; 1848 TPM_DA_ACTION_TYPE actionAtThreshold; 1849 UINT32 vendorDataSize; 1850 UINT8 *vendorData; 1851} TPM_DA_INFO_LIMITED; 1852 1853// 1854// Part 2, section 21.9: CAP_PROPERTY Subcap values for GetCapability 1855// 1856#define TPM_DA_STATE_INACTIVE ((UINT8)0x00) 1857#define TPM_DA_STATE_ACTIVE ((UINT8)0x01) 1858 1859// 1860// Part 2, section 22: DAA Structures 1861// 1862 1863#define TPM_DAA_SIZE_r0 (43) 1864#define TPM_DAA_SIZE_r1 (43) 1865#define TPM_DAA_SIZE_r2 (128) 1866#define TPM_DAA_SIZE_r3 (168) 1867#define TPM_DAA_SIZE_r4 (219) 1868#define TPM_DAA_SIZE_NT (20) 1869#define TPM_DAA_SIZE_v0 (128) 1870#define TPM_DAA_SIZE_v1 (192) 1871#define TPM_DAA_SIZE_NE (256) 1872#define TPM_DAA_SIZE_w (256) 1873#define TPM_DAA_SIZE_issuerModulus (256) 1874#define TPM_DAA_power0 (104) 1875#define TPM_DAA_power1 (1024) 1876 1877typedef struct tdTPM_DAA_ISSUER 1878{ 1879 TPM_STRUCTURE_TAG tag; 1880 TPM_DIGEST DAA_digest_R0; 1881 TPM_DIGEST DAA_digest_R1; 1882 TPM_DIGEST DAA_digest_S0; 1883 TPM_DIGEST DAA_digest_S1; 1884 TPM_DIGEST DAA_digest_n; 1885 TPM_DIGEST DAA_digest_gamma; 1886 UINT8 DAA_generic_q[26]; 1887} TPM_DAA_ISSUER; 1888 1889 1890typedef struct tdTPM_DAA_TPM 1891{ 1892 TPM_STRUCTURE_TAG tag; 1893 TPM_DIGEST DAA_digestIssuer; 1894 TPM_DIGEST DAA_digest_v0; 1895 TPM_DIGEST DAA_digest_v1; 1896 TPM_DIGEST DAA_rekey; 1897 UINT32 DAA_count; 1898} TPM_DAA_TPM; 1899 1900typedef struct tdTPM_DAA_CONTEXT 1901{ 1902 TPM_STRUCTURE_TAG tag; 1903 TPM_DIGEST DAA_digestContext; 1904 TPM_DIGEST DAA_digest; 1905 TPM_DAA_CONTEXT_SEED DAA_contextSeed; 1906 UINT8 DAA_scratch[256]; 1907 UINT8 DAA_stage; 1908} TPM_DAA_CONTEXT; 1909 1910typedef struct tdTPM_DAA_JOINDATA 1911{ 1912 UINT8 DAA_join_u0[128]; 1913 UINT8 DAA_join_u1[138]; 1914 TPM_DIGEST DAA_digest_n0; 1915} TPM_DAA_JOINDATA; 1916 1917typedef struct tdTPM_DAA_BLOB 1918{ 1919 TPM_STRUCTURE_TAG tag; 1920 TPM_RESOURCE_TYPE resourceType; 1921 UINT8 label[16]; 1922 TPM_DIGEST blobIntegrity; 1923 UINT32 additionalSize; 1924 UINT8 *additionalData; 1925 UINT32 sensitiveSize; 1926 UINT8 *sensitiveData; 1927} TPM_DAA_BLOB; 1928 1929typedef struct tdTPM_DAA_SENSITIVE 1930{ 1931 TPM_STRUCTURE_TAG tag; 1932 UINT32 internalSize; 1933 UINT8 *internalData; 1934} TPM_DAA_SENSITIVE; 1935 1936 1937// 1938// Part 2, section 23: Redirection 1939// 1940 1941// This section of the TPM spec defines exactly one value but does not 1942// give it a name. The definition of TPM_SetRedirection in Part3 1943// refers to exactly one name but does not give its value. We join 1944// them here. 1945#define TPM_REDIR_GPIO (0x00000001) 1946 1947// 1948// TPM Command & Response Headers 1949// 1950typedef struct tdTPM_RQU_COMMAND_HDR { 1951 TPM_STRUCTURE_TAG tag; 1952 UINT32 paramSize; 1953 TPM_COMMAND_CODE ordinal; 1954} TPM_RQU_COMMAND_HDR; 1955 1956typedef struct tdTPM_RSP_COMMAND_HDR { 1957 TPM_STRUCTURE_TAG tag; 1958 UINT32 paramSize; 1959 TPM_RESULT returnCode; 1960} TPM_RSP_COMMAND_HDR; 1961 1962#ifndef __GNUC__ 1963#pragma pack (pop) 1964#endif 1965 1966#endif // _TPM12_H_ 1967