/** @addtogroup MC_CONTAINER mcContainer - Containers for MobiCore Content Management.
 * @ingroup  MC_DATA_TYPES
 * @{
 *
 * <!-- Copyright Giesecke & Devrient GmbH 2009-2012 -->
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior
 *    written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
#ifndef MC_CONTAINER_H_
#define MC_CONTAINER_H_

#include <stdint.h>

#include "mcRootid.h"
#include "mcSpid.h"
#include "mcUuid.h"
#include "mcSo.h"
#include "mcSuid.h"

/** Container format version, major and minor part. How the two numbers are
 * combined into the containers' version field is not defined in this header. */
#define CONTAINER_VERSION_MAJOR   2
#define CONTAINER_VERSION_MINOR   0

/** Non-zero selects MC_SO_SIZE_F21() instead of MC_SO_SIZE() inside
 * SO_CONT_HASH_AND_PAD_SIZE(). */
#define CONTAINER_FORMAT_SO21 1

/** Size in bytes of mcSymmetricKey_t storage (32 bytes = 256 bits). */
#define MC_CONT_SYMMETRIC_KEY_SIZE      32
/** Size in bytes of mcPublicKey_t storage. */
#define MC_CONT_PUBLIC_KEY_SIZE         320
/** Number of child slots in spChild_t and mcUuidChild_t. */
#define MC_CONT_CHILDREN_COUNT          16
/** Size in bytes of the mcCoDataCont_t data buffer. */
#define MC_DATA_CONT_MAX_DATA_SIZE      2048
/** Trustlet code hash size in bytes (going by the name); not referenced in
 * this header. NOTE(review): 32 bytes matches a 256-bit digest, but the hash
 * algorithm is not stated here. */
#define MC_TLT_CODE_HASH_SIZE           32

/** Number of whole 32-bit words in a byte count.
 * The division truncates: a byte count that is not a multiple of
 * sizeof(uint32_t) is rounded down, so an array sized with this macro would be
 * shorter than the byte count. Both key sizes used in this header (32 and 320)
 * are multiples of 4. */
#define MC_BYTES_TO_WORDS(bytes)       ( (bytes) / sizeof(uint32_t) )
/** Value for a trailing dummy enumerator, meant to make an enum 32 bits wide.
 * NOTE(review): -1 also fits in a signed 8-bit type, so on a toolchain that
 * sizes enums to the smallest fitting type (for example GCC with
 * -fshort-enums) this value alone does not force 32 bits. Confirm the enum
 * size settings of every compiler that shares these structures. */
#define MC_ENUM_32BIT_SPACER           ((int32_t)-1)

/** Container version type. The container structs in this header declare their
 * version member as plain uint32_t rather than through this typedef. */
typedef uint32_t mcContVersion_t;

/** Personalization Data ID.
 * A 32-bit identifier wrapped in a struct; used as mcDataCont_t::pid.
 * The encoding of the value is not defined in this header. */
typedef struct {
    uint32_t data;
} mcPid_t;

/** Symmetric key material.
 * MC_CONT_SYMMETRIC_KEY_SIZE bytes (32) stored as 8 32-bit words. This is the
 * type of every key member in the container secrets (kSocAuth, kRootAuth,
 * kSpAuth, kTl).
 * NOTE(review): an instance holds raw key bits; code that keeps a decrypted
 * copy in memory should wipe it after use. No helper for that is declared in
 * this header. */
typedef struct {
    uint32_t keydata[MC_BYTES_TO_WORDS(MC_CONT_SYMMETRIC_KEY_SIZE)];
} mcSymmetricKey_t;

/** Public key storage.
 * MC_CONT_PUBLIC_KEY_SIZE bytes (320) stored as 80 32-bit words. No container
 * in this header has a member of this type, and the key encoding inside the
 * buffer is not defined here. */
typedef struct {
    uint32_t keydata[MC_BYTES_TO_WORDS(MC_CONT_PUBLIC_KEY_SIZE)];
} mcPublicKey_t;

/** Fixed-size list of MC_CONT_CHILDREN_COUNT (16) service provider IDs; the
 * type of mcRootCont_t::children. How an unused slot is marked is not defined
 * in this header.
 * This is an array typedef: a function parameter of this type decays to a
 * pointer, so sizeof on such a parameter gives the pointer size, not the size
 * of the 16 entries. */
typedef mcSpid_t spChild_t[MC_CONT_CHILDREN_COUNT];

/** Fixed-size list of MC_CONT_CHILDREN_COUNT (16) UUIDs; the type of
 * mcSpCont_t::children. Same array-typedef caveat as spChild_t. */
typedef mcUuid_t mcUuidChild_t[MC_CONT_CHILDREN_COUNT];

/** Content management container states.
 * The values are an enumeration, not bit flags: ROOT_SP_LOCKED is the separate
 * value 5, not the bitwise OR of ROOT_LOCKED (3) and SP_LOCKED (4).
 * NOTE(review): a state read from a stored container should be checked against
 * these six values before it is acted on.
 */
typedef enum {
     /** Container state unregistered. */
     MC_CONT_STATE_UNREGISTERED = 0,
     /** Container is registered. */
     MC_CONT_STATE_REGISTERED = 1,
     /** Container is activated. */
     MC_CONT_STATE_ACTIVATED = 2,
     /** Container is locked by root. */
     MC_CONT_STATE_ROOT_LOCKED = 3,
     /** Container is locked by service provider. */
     MC_CONT_STATE_SP_LOCKED = 4,
     /** Container is locked by root and service provider. */
     MC_CONT_STATE_ROOT_SP_LOCKED = 5,
     /** Dummy: meant to ensure that the enum is 32 bits wide. Not a valid state.
      * NOTE(review): the spacer value is -1, which also fits in 8 bits, so the
      * width still depends on the compiler's enum size setting. */
     MC_CONT_ATTRIB_SPACER = MC_ENUM_32BIT_SPACER
} mcContainerState_t;

/** Content management container attributes.
 * Currently holds only the container state. It is a member of the SoC, root,
 * service provider and trustlet containers; mcDataCont_t has no attribs member.
 */
typedef struct {
    mcContainerState_t state;
} mcContainerAttribs_t;

/** Container types.
 * Only CONT_TYPE_SOC has an explicit value; the others follow implicitly as
 * 1 to 5. This is the first member of every container struct in this header.
 * NOTE(review): unlike mcContainerState_t, this enum has no 32-bit spacer
 * enumerator, so its size depends entirely on the compiler's enum size
 * setting. Confirm that all builds sharing these structures agree. A type read
 * from a stored container should be range-checked before it selects how the
 * rest of the buffer is interpreted. */
typedef enum {
    /** SOC container. */
    CONT_TYPE_SOC = 0,
    /** Root container. */
    CONT_TYPE_ROOT,
    /** Service provider container. */
    CONT_TYPE_SP,
    /** Trustlet container. */
    CONT_TYPE_TLCON,
    /** Service provider data. */
    CONT_TYPE_SPDATA,
    /** Trustlet data. */
    CONT_TYPE_TLDATA
} contType_t;


/** @defgroup MC_CONTAINER_CRYPTO_OBJECTS Container secrets.
 * Data that is stored encrypted within the container.
 * @{ */

/** SoC secret: the encrypted part of mcSocCont_t (its co member). */
typedef struct {
    mcSymmetricKey_t kSocAuth;  // presumably the SoC authentication key; usage is not shown in this header
} mcCoSocCont_t;

/** Root secret: the encrypted part of mcRootCont_t (its co member). */
typedef struct {
    mcSymmetricKey_t kRootAuth;  // presumably the root authentication key; usage is not shown in this header
} mcCoRootCont_t;

/** Service provider secret: the encrypted part of mcSpCont_t (its co member). */
typedef struct {
    mcSymmetricKey_t kSpAuth;  // presumably the service provider authentication key; usage is not shown in this header
} mcCoSpCont_t;

/** Trustlet secret: the encrypted part of mcTltCont_t (its co member). */
typedef struct {
    mcSymmetricKey_t kTl;  // presumably the trustlet key; usage is not shown in this header
} mcCoTltCont_t;

/** Data container payload: the encrypted part of mcDataCont_t (its co member).
 * The buffer always has MC_DATA_CONT_MAX_DATA_SIZE (2048) bytes. Neither this
 * struct nor mcDataCont_t declares a length member, so the number of valid
 * bytes has to come from somewhere not visible in this header. */
typedef struct {
    uint8_t data[MC_DATA_CONT_MAX_DATA_SIZE];
} mcCoDataCont_t;

/** Container ID: a service provider ID and a UUID sharing the same storage.
 * The union has no discriminator, so which member is valid must be known from
 * context. It is not referenced by any other definition in this header. */
typedef union {
    mcSpid_t spid;
    mcUuid_t uuid;
} mcCid_t;

/** @} */

/** @defgroup MC_CONTAINER_CONTAINER_OBJECTS Container definitions.
 * Container type definitions.
 * No packing or alignment directive appears in this header, so the layout of
 * these structs is whatever the compiler produces.
 * NOTE(review): confirm that every build reading or writing stored containers
 * produces the same layout.
 * @{ */

/** SoC Container.
 * The members before co are the plain part. sizeof(mcCoSocCont_t) is what
 * mcSoAuthTokenCont_t passes as the encrypted size, so co is the encrypted
 * part.
 * NOTE(review): treat type, version, attribs and suid as untrusted input until
 * the enclosing secure object has been verified; that verification is not part
 * of this header. */
typedef struct {
    contType_t type;               // container type tag
    uint32_t version;              // container version; encoding not defined in this header
    mcContainerAttribs_t attribs;  // container state
    mcSuid_t suid;                 // declared in mcSuid.h
    // Secrets.
    mcCoSocCont_t co;
} mcSocCont_t;

/** Root container.
 * The members before co are the plain part; co (mcCoRootCont_t) is the part
 * that mcSoRootCont_t passes as the encrypted size.
 * NOTE(review): treat the plain members as untrusted input until the enclosing
 * secure object has been verified; that verification is not part of this
 * header. */
typedef struct {
    contType_t type;               // container type tag
    uint32_t version;              // container version; encoding not defined in this header
    mcContainerAttribs_t attribs;  // container state
    mcSuid_t suid;                 // declared in mcSuid.h
    mcRootid_t rootid;             // declared in mcRootid.h
    spChild_t children;            // 16 service provider ID slots, presumably the registered child SPs
    // Secrets.
    mcCoRootCont_t co;
} mcRootCont_t;

/** Service provider container.
 * The members before co are the plain part; co (mcCoSpCont_t) is the part that
 * mcSoSpCont_t passes as the encrypted size.
 * NOTE(review): treat the plain members as untrusted input until the enclosing
 * secure object has been verified; that verification is not part of this
 * header. */
typedef struct {
    contType_t type;               // container type tag
    uint32_t version;              // container version; encoding not defined in this header
    mcContainerAttribs_t attribs;  // container state
    mcSpid_t spid;                 // declared in mcSpid.h
    mcUuidChild_t children;        // 16 UUID slots, presumably the trustlets registered under this SP
    // Secrets.
    mcCoSpCont_t co;
} mcSpCont_t;

/** Trustlet container.
 * The members before co are the plain part; co (mcCoTltCont_t) is the part
 * that mcSoTltCont_t passes as the encrypted size.
 * NOTE(review): treat the plain members as untrusted input until the enclosing
 * secure object has been verified; that verification is not part of this
 * header. */
typedef struct {
    contType_t type;               // container type tag
    uint32_t version;              // container version; encoding not defined in this header
    mcContainerAttribs_t attribs;  // container state
    mcSpid_t parent;               // service provider ID, presumably of the owning SP container
    mcUuid_t uuid;                 // declared in mcUuid.h
    // Secrets.
    mcCoTltCont_t co;
} mcTltCont_t;

/** Data container.
 * Unlike the other containers it has no attribs member. The members before co
 * are the plain part; co (mcCoDataCont_t, a fixed 2048-byte buffer) is the
 * part that mcSoDataCont_t passes as the encrypted size. No member records how
 * many bytes of co.data are in use. */
typedef struct {
    contType_t type;   // container type tag
    uint32_t version;  // container version; encoding not defined in this header
    mcUuid_t uuid;     // declared in mcUuid.h
    mcPid_t pid;       // personalization data ID
    // Secrets.
    mcCoDataCont_t co;
} mcDataCont_t;

/** @} */

/** Calculates the total size of the secure object hash and padding for a given
 * container.
 *
 * The result is the secure object size reported by MC_SO_SIZE_F21() (or
 * MC_SO_SIZE() when CONTAINER_FORMAT_SO21 is 0) for the plain and encrypted
 * lengths, minus sizeof(mcSoHeader_t), minus the container size.
 *
 * Each argument is expanded twice, so pass expressions without side effects;
 * this header passes only sizeof expressions. With sizeof arguments the
 * arithmetic is unsigned: a contCoSize larger than contTotalSize wraps around
 * instead of giving a negative value.
 *
 * @param contTotalSize Total size of the container (sum of plain and encrypted
 * parts).
 * @param contCoSize Size/length of the encrypted container part ("crypto
 * object").
 * @return Total size of hash and padding for given container.
 */
#if CONTAINER_FORMAT_SO21
    #define SO_CONT_HASH_AND_PAD_SIZE(contTotalSize, contCoSize) ( \
            MC_SO_SIZE_F21((contTotalSize) - (contCoSize), (contCoSize)) \
            - sizeof(mcSoHeader_t) \
            - (contTotalSize) )
#else
    #define SO_CONT_HASH_AND_PAD_SIZE(contTotalSize, contCoSize) ( \
            MC_SO_SIZE((contTotalSize) - (contCoSize), (contCoSize)) \
            - sizeof(mcSoHeader_t) \
            - (contTotalSize) )
#endif

/** @defgroup MC_CONTAINER_SECURE_OBJECTS Containers in secure objects.
 * Secure objects wrapping different containers.
 * Each wrapper is a secure object header, the container itself, and a trailing
 * byte array sized by SO_CONT_HASH_AND_PAD_SIZE().
 * @{ */

/** Authentication token: the SoC container wrapped in a secure object.
 * The container member is named coSoc here, not cont as in the other wrappers.
 * NOTE(review): hashAndPad is only sized in this header; computing and
 * checking its contents happens elsewhere. */
typedef struct {
    mcSoHeader_t soHeader;  // secure object header, declared in mcSo.h
    mcSocCont_t coSoc;
    uint8_t hashAndPad[SO_CONT_HASH_AND_PAD_SIZE(sizeof(mcSocCont_t), sizeof(mcCoSocCont_t))];
} mcSoAuthTokenCont_t;

/** Root container wrapped in a secure object.
 * hashAndPad is sized from the full container size and the size of its
 * encrypted part (mcCoRootCont_t). */
typedef struct {
    mcSoHeader_t soHeader;  // secure object header, declared in mcSo.h
    mcRootCont_t cont;
    uint8_t hashAndPad[SO_CONT_HASH_AND_PAD_SIZE(sizeof(mcRootCont_t), sizeof(mcCoRootCont_t))];
} mcSoRootCont_t;

/** Service provider container wrapped in a secure object.
 * hashAndPad is sized from the full container size and the size of its
 * encrypted part (mcCoSpCont_t). */
typedef struct {
    mcSoHeader_t soHeader;  // secure object header, declared in mcSo.h
    mcSpCont_t cont;
    uint8_t hashAndPad[SO_CONT_HASH_AND_PAD_SIZE(sizeof(mcSpCont_t), sizeof(mcCoSpCont_t))];
} mcSoSpCont_t;

/** Trustlet container wrapped in a secure object.
 * hashAndPad is sized from the full container size and the size of its
 * encrypted part (mcCoTltCont_t). */
typedef struct {
    mcSoHeader_t soHeader;  // secure object header, declared in mcSo.h
    mcTltCont_t cont;
    uint8_t hashAndPad[SO_CONT_HASH_AND_PAD_SIZE(sizeof(mcTltCont_t), sizeof(mcCoTltCont_t))];
} mcSoTltCont_t;

/** Data container wrapped in a secure object.
 * hashAndPad is sized from the full container size and the size of its
 * encrypted part (mcCoDataCont_t, the fixed 2048-byte data buffer). */
typedef struct {
    mcSoHeader_t soHeader;  // secure object header, declared in mcSo.h
    mcDataCont_t cont;
    uint8_t hashAndPad[SO_CONT_HASH_AND_PAD_SIZE(sizeof(mcDataCont_t), sizeof(mcCoDataCont_t))];
} mcSoDataCont_t;

/** Three secure objects stored back to back: root container, service provider
 * container and trustlet container, in that order.
 * NOTE(review): presumably the chain that ties one trustlet to its service
 * provider and root; this header does not define how the three are checked
 * against each other (for example soTlt.cont.parent against soSp.cont.spid). */
typedef struct {
    mcSoRootCont_t soRoot;
    mcSoSpCont_t soSp;
    mcSoTltCont_t soTlt;
} mcSoContainerPath_t;

/** @} */

#endif // MC_CONTAINER_H_

/** @} */