/** @addtogroup MC_CONTAINER mcContainer - Containers for MobiCore Content Management.
 * @ingroup  MC_DATA_TYPES
 * @{
 *
 * <!-- Copyright Giesecke & Devrient GmbH 2009-2012 -->
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior
 *    written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
#ifndef MC_CONTAINER_H_
#define MC_CONTAINER_H_

#include <stdint.h>

#include "mcRootid.h"
#include "mcSpid.h"
#include "mcUuid.h"
#include "mcSo.h"
#include "mcSuid.h"

/** Container version numbers.
 * NOTE(review): nothing in this header combines these into the `version`
 * members of the container structs - confirm the encoding with the code that
 * fills those fields. */
#define CONTAINER_VERSION_MAJOR   2
#define CONTAINER_VERSION_MINOR   0

/** When non-zero, SO_CONT_HASH_AND_PAD_SIZE below is built on MC_SO_SIZE_F21
 * instead of MC_SO_SIZE (both come from outside this header). */
#define CONTAINER_FORMAT_SO21 1

/** Sizes in bytes of the symmetric and public key storage (see
 * mcSymmetricKey_t and mcPublicKey_t). */
#define MC_CONT_SYMMETRIC_KEY_SIZE      32
#define MC_CONT_PUBLIC_KEY_SIZE         320
/** Number of entries in the fixed-size child tables spChild_t and
 * mcUuidChild_t. */
#define MC_CONT_CHILDREN_COUNT          16
/** Size in bytes of the payload array in mcCoDataCont_t. */
#define MC_DATA_CONT_MAX_DATA_SIZE      2048
/** Not referenced anywhere in this header. */
#define MC_TLT_CODE_HASH_SIZE           32

/** Converts a byte count into a count of 32-bit words by integer division.
 * The division truncates: a byte count that is not a multiple of
 * sizeof(uint32_t) yields an array that is too short. The two key sizes used
 * here (32 and 320) divide evenly; keep it that way when changing them, since
 * a silently shortened key buffer would not be reported by the compiler. */
#define MC_BYTES_TO_WORDS(bytes)       ( (bytes) / sizeof(uint32_t) )
/** Extra enumerator value used by mcContainerState_t so that the enum is meant
 * to occupy 32 bits.
 * NOTE(review): the value -1 is representable in any signed integer type, so
 * whether it really forces a 32-bit enum depends on the compiler's enum-size
 * rules - confirm against the ABI flags used by every component that shares
 * these structures. */
#define MC_ENUM_32BIT_SPACER           ((int32_t)-1)

/** 32-bit container version value. Note that the `version` members of the
 * container structs below are declared as plain uint32_t, not as this type. */
typedef uint32_t mcContVersion_t;

/** Personalization Data ID. */
typedef struct {
    uint32_t data;
} mcPid_t;

/** Symmetric key storage: MC_CONT_SYMMETRIC_KEY_SIZE bytes held as 32-bit
 * words. This is the type of every key in the crypto objects below. */
typedef struct {
    uint32_t keydata[MC_BYTES_TO_WORDS(MC_CONT_SYMMETRIC_KEY_SIZE)];
} mcSymmetricKey_t;

/** Public key storage: MC_CONT_PUBLIC_KEY_SIZE bytes held as 32-bit words.
 * Not used by any other definition in this header. */
typedef struct {
    uint32_t keydata[MC_BYTES_TO_WORDS(MC_CONT_PUBLIC_KEY_SIZE)];
} mcPublicKey_t;

/** Fixed table of MC_CONT_CHILDREN_COUNT service provider IDs; used as the
 * `children` member of mcRootCont_t. */
typedef mcSpid_t spChild_t[MC_CONT_CHILDREN_COUNT];

/** Fixed table of MC_CONT_CHILDREN_COUNT UUIDs; used as the `children` member
 * of mcSpCont_t. */
typedef mcUuid_t mcUuidChild_t[MC_CONT_CHILDREN_COUNT];

/** Content management container states.
 */
typedef enum {
    /** Container state unregistered. */
    MC_CONT_STATE_UNREGISTERED = 0,
    /** Container is registered. */
    MC_CONT_STATE_REGISTERED = 1,
    /** Container is activated. */
    MC_CONT_STATE_ACTIVATED = 2,
    /** Container is locked by root. */
    MC_CONT_STATE_ROOT_LOCKED = 3,
    /** Container is locked by service provider. */
    MC_CONT_STATE_SP_LOCKED = 4,
    /** Container is locked by root and service provider. */
    MC_CONT_STATE_ROOT_SP_LOCKED = 5,
    /** Dummy: ensure that enum is 32 bits wide. */
    MC_CONT_ATTRIB_SPACER = MC_ENUM_32BIT_SPACER
} mcContainerState_t;

/** Content management container attributes.
 */
typedef struct {
    mcContainerState_t state;
} mcContainerAttribs_t;

/** Container types.
 * NOTE(review): unlike mcContainerState_t this enum has no
 * MC_ENUM_32BIT_SPACER member, yet it is the first field of every container
 * struct below; its width is therefore left entirely to the compiler -
 * confirm all users are built with the same enum-size setting. */
typedef enum {
    /** SOC container. */
    CONT_TYPE_SOC = 0,
    /** Root container. */
    CONT_TYPE_ROOT,
    /** Service provider container. */
    CONT_TYPE_SP,
    /** Trustlet container. */
    CONT_TYPE_TLCON,
    /** Service provider data. */
    CONT_TYPE_SPDATA,
    /** Trustlet data. */
    CONT_TYPE_TLDATA
} contType_t;


/** @defgroup MC_CONTAINER_CRYPTO_OBJECTS Container secrets.
 * Data that is stored encrypted within the container.
 * @{ */

/** SoC secret */
typedef struct {
    mcSymmetricKey_t kSocAuth;
} mcCoSocCont_t;

/** Root container secret: the symmetric key kRootAuth. */
typedef struct {
    mcSymmetricKey_t kRootAuth;
} mcCoRootCont_t;

/** Service provider container secret: the symmetric key kSpAuth. */
typedef struct {
    mcSymmetricKey_t kSpAuth;
} mcCoSpCont_t;

/** Trustlet container secret: the symmetric key kTl. */
typedef struct {
    mcSymmetricKey_t kTl;
} mcCoTltCont_t;

/** Data container secret: a fixed MC_DATA_CONT_MAX_DATA_SIZE-byte buffer.
 * No length field accompanies it in this struct. */
typedef struct {
    uint8_t data[MC_DATA_CONT_MAX_DATA_SIZE];
} mcCoDataCont_t;

/** Container identifier that is either a service provider ID or a UUID.
 * The union carries no discriminator, and no other definition in this header
 * uses it. */
typedef union {
    mcSpid_t spid;
    mcUuid_t uuid;
} mcCid_t;

/** @} */

/** @defgroup MC_CONTAINER_CONTAINER_OBJECTS Container definitions.
 * Container type definitions.
 *
 * Every container ends with a `co` member from the group
 * MC_CONTAINER_CRYPTO_OBJECTS; the secure object wrappers further down pass
 * sizeof(co's type) as the encrypted length and the remainder of the struct as
 * the plain length, so member order and types define the stored layout.
 * NOTE(review): once unwrapped, `co` would hold raw key words - confirm that
 * code working on these structs clears such buffers after use.
 * @{ */

/** SoC Container */
typedef struct {
    contType_t type;
    uint32_t version;
    mcContainerAttribs_t attribs;
    mcSuid_t suid;
    // Secrets (the part counted as the encrypted length).
    mcCoSocCont_t co;
} mcSocCont_t;

/** Root container: SUID, root ID and the table of child service provider IDs,
 * followed by the root secret. */
typedef struct {
    contType_t type;
    uint32_t version;
    mcContainerAttribs_t attribs;
    mcSuid_t suid;
    mcRootid_t rootid;
    spChild_t children;
    // Secrets (the part counted as the encrypted length).
    mcCoRootCont_t co;
} mcRootCont_t;

/** Service provider container: its SPID and the table of child UUIDs,
 * followed by the service provider secret. */
typedef struct {
    contType_t type;
    uint32_t version;
    mcContainerAttribs_t attribs;
    mcSpid_t spid;
    mcUuidChild_t children;
    // Secrets (the part counted as the encrypted length).
    mcCoSpCont_t co;
} mcSpCont_t;

/** Trustlet container: the parent SPID and the trustlet UUID, followed by the
 * trustlet secret. */
typedef struct {
    contType_t type;
    uint32_t version;
    mcContainerAttribs_t attribs;
    mcSpid_t parent;
    mcUuid_t uuid;
    // Secrets (the part counted as the encrypted length).
    mcCoTltCont_t co;
} mcTltCont_t;

/** Data container: UUID and personalization data ID, followed by the data
 * payload. Unlike the other containers it has no `attribs` member. */
typedef struct {
    contType_t type;
    uint32_t version;
    mcUuid_t uuid;
    mcPid_t pid;
    // Secrets (the part counted as the encrypted length).
    mcCoDataCont_t co;
} mcDataCont_t;

/** @} */

/** Calculates the total size of the secure object hash and padding for a given
 * container.
 *
 * Both arguments are expanded more than once, so pass only side-effect-free
 * expressions (this header always passes sizeof). The result is whatever the
 * MC_SO_SIZE_F21 / MC_SO_SIZE macro yields, minus the secure object header and
 * the container itself.
 * NOTE(review): the subtraction involves sizeof and is therefore presumably
 * unsigned; if the size macro ever returned less than header plus container
 * the result would wrap instead of going negative - confirm against the
 * macro definitions, which are not in this file.
 *
 * @param contTotalSize Total size of the container (sum of plain and encrypted
 * parts).
 * @param contCoSize Size/length of the encrypted container part ("crypto
 * object").
 * @return Total size of hash and padding for given container.
 */
#if CONTAINER_FORMAT_SO21
    #define SO_CONT_HASH_AND_PAD_SIZE(contTotalSize, contCoSize) ( \
            MC_SO_SIZE_F21((contTotalSize) - (contCoSize), (contCoSize)) \
                - sizeof(mcSoHeader_t) \
                - (contTotalSize) )
#else
    #define SO_CONT_HASH_AND_PAD_SIZE(contTotalSize, contCoSize) ( \
            MC_SO_SIZE((contTotalSize) - (contCoSize), (contCoSize)) \
                - sizeof(mcSoHeader_t) \
                - (contTotalSize) )
#endif

/** @defgroup MC_CONTAINER_SECURE_OBJECTS Containers in secure objects.
 * Secure objects wrapping different containers.
 *
 * Each wrapper is a secure object header, the container, and a byte array
 * sized by SO_CONT_HASH_AND_PAD_SIZE that reserves room for the hash and
 * padding.
 * @{ */

/** Authentication token */
typedef struct {
    mcSoHeader_t soHeader;
    // Named coSoc here; the other wrappers call the same position `cont`.
    mcSocCont_t coSoc;
    uint8_t hashAndPad[SO_CONT_HASH_AND_PAD_SIZE(sizeof(mcSocCont_t), sizeof(mcCoSocCont_t))];
} mcSoAuthTokenCont_t;

/** Root container */
typedef struct {
    mcSoHeader_t soHeader;
    mcRootCont_t cont;
    uint8_t hashAndPad[SO_CONT_HASH_AND_PAD_SIZE(sizeof(mcRootCont_t), sizeof(mcCoRootCont_t))];
} mcSoRootCont_t;

/** Service provider container wrapped in a secure object. */
typedef struct {
    mcSoHeader_t soHeader;
    mcSpCont_t cont;
    uint8_t hashAndPad[SO_CONT_HASH_AND_PAD_SIZE(sizeof(mcSpCont_t), sizeof(mcCoSpCont_t))];
} mcSoSpCont_t;

/** Trustlet container wrapped in a secure object. */
typedef struct {
    mcSoHeader_t soHeader;
    mcTltCont_t cont;
    uint8_t hashAndPad[SO_CONT_HASH_AND_PAD_SIZE(sizeof(mcTltCont_t), sizeof(mcCoTltCont_t))];
} mcSoTltCont_t;

/** Data container wrapped in a secure object. */
typedef struct {
    mcSoHeader_t soHeader;
    mcDataCont_t cont;
    uint8_t hashAndPad[SO_CONT_HASH_AND_PAD_SIZE(sizeof(mcDataCont_t), sizeof(mcCoDataCont_t))];
} mcSoDataCont_t;

/** Root, service provider and trustlet secure objects stored back to back, in
 * that order. */
typedef struct {
    mcSoRootCont_t soRoot;
    mcSoSpCont_t soSp;
    mcSoTltCont_t soTlt;
} mcSoContainerPath_t;

/** @} */

#endif // MC_CONTAINER_H_

/** @} */
