1 // This file was extracted from the TCG Published 2 // Trusted Platform Module Library 3 // Part 4: Supporting Routines 4 // Family "2.0" 5 // Level 00 Revision 01.16 6 // October 30, 2014 7 8 #ifndef GLOBAL_H 9 #define GLOBAL_H 10 //#define SELF_TEST 11 #include "TpmBuildSwitches.h" 12 #include "Tpm.h" 13 #include "TPMB.h" 14 #include "CryptoEngine.h" 15 #ifndef EMBEDDED_MODE 16 #include <setjmp.h> 17 #endif 18 // 19 // 20 // 21 // Defines and Types 22 // 23 // Unreferenced Parameter 24 // 25 // This define is used to eliminate the compiler warning about an unreferenced parameter. Basically, it tells 26 // the compiler that it is not an accident that the parameter is unreferenced. 27 // 28 #ifndef UNREFERENCED_PARAMETER 29 # define UNREFERENCED_PARAMETER(a) (a) 30 #endif 31 #include "bits.h" 32 // 33 // 34 // Crypto Self-Test Values 35 // 36 // Define these values here if the AlgorithmTests() project is not used 37 // 38 #ifndef SELF_TEST 39 extern ALGORITHM_VECTOR g_implementedAlgorithms; 40 extern ALGORITHM_VECTOR g_toTest; 41 #else 42 LIB_IMPORT extern ALGORITHM_VECTOR g_implementedAlgorithms; 43 LIB_IMPORT extern ALGORITHM_VECTOR g_toTest; 44 #endif 45 // 46 // These macros are used in CryptUtil() to invoke the incremental self test. 47 // 48 #define TEST(alg) if(TEST_BIT(alg, g_toTest)) CryptTestAlgorithm(alg, NULL) 49 // 50 // Use of TPM_ALG_NULL is reserved for RSAEP/RSADP testing. If someone is wanting to test a hash with 51 // that value, don't do it. 52 // 53 #define TEST_HASH(alg) \ 54 if( TEST_BIT(alg, g_toTest) \ 55 && (alg != ALG_NULL_VALUE)) \ 56 CryptTestAlgorithm(alg, NULL) 57 // 58 // 59 // Hash and HMAC State Structures 60 // 61 // These definitions are for the types that can be in a hash state structure. These types are used in the 62 // crypto utilities 63 // 64 typedef BYTE HASH_STATE_TYPE; 65 #define HASH_STATE_EMPTY ((HASH_STATE_TYPE) 0) 66 #define HASH_STATE_HASH ((HASH_STATE_TYPE) 1) 67 #define HASH_STATE_HMAC ((HASH_STATE_TYPE) 2) 68 // 69 // A HASH_STATE structure contains an opaque hash stack state. A caller would use this structure when 70 // performing incremental hash operations. The state is updated on each call. If type is an HMAC_STATE, 71 // or HMAC_STATE_SEQUENCE then state is followed by the HMAC key in oPad format. 72 // 73 typedef struct 74 { 75 CPRI_HASH_STATE state; // hash state 76 HASH_STATE_TYPE type; // type of the context 77 } HASH_STATE; 78 // 79 // 80 // 81 // 82 // An HMAC_STATE structure contains an opaque HMAC stack state. A caller would use this structure 83 // when performing incremental HMAC operations. This structure contains a hash state and an HMAC key 84 // and allows slightly better stack optimization than adding an HMAC key to each hash state. 85 // 86 typedef struct 87 { 88 HASH_STATE hashState; // the hash state 89 TPM2B_HASH_BLOCK hmacKey; // the HMAC key 90 } HMAC_STATE; 91 // 92 // 93 // Other Types 94 // 95 // An AUTH_VALUE is a BYTE array containing a digest (TPMU_HA) 96 // 97 typedef BYTE AUTH_VALUE[sizeof(TPMU_HA)]; 98 // 99 // A TIME_INFO is a BYTE array that can contain a TPMS_TIME_INFO 100 // 101 typedef BYTE TIME_INFO[sizeof(TPMS_TIME_INFO)]; 102 // 103 // A NAME is a BYTE array that can contain a TPMU_NAME 104 // 105 typedef BYTE NAME[sizeof(TPMU_NAME)]; 106 // 107 // 108 // Loaded Object Structures 109 // 110 // Description 111 // 112 // The structures in this section define the object layout as it exists in TPM memory. 113 // Two types of objects are defined: an ordinary object such as a key, and a sequence object that may be a 114 // hash, HMAC, or event. 115 // 116 // OBJECT_ATTRIBUTES 117 // 118 // An OBJECT_ATTRIBUTES structure contains the variable attributes of an object. These properties are 119 // not part of the public properties but are used by the TPM in managing the object. An 120 // OBJECT_ATTRIBUTES is used in the definition of the OBJECT data type. 121 // 122 typedef struct 123 { 124 unsigned publicOnly : 1; //0) SET if only the public portion of 125 // an object is loaded 126 unsigned epsHierarchy : 1; //1) SET if the object belongs to EPS 127 // Hierarchy 128 unsigned ppsHierarchy : 1; //2) SET if the object belongs to PPS 129 // Hierarchy 130 unsigned spsHierarchy : 1; //3) SET f the object belongs to SPS 131 // Hierarchy 132 unsigned evict : 1; //4) SET if the object is a platform or 133 // owner evict object. Platform- 134 // evict object belongs to PPS 135 // hierarchy, owner-evict object 136 // belongs to SPS or EPS hierarchy. 137 // This bit is also used to mark a 138 // completed sequence object so it 139 // will be flush when the 140 // SequenceComplete command succeeds. 141 unsigned primary : 1; //5) SET for a primary object 142 unsigned temporary : 1; 143 //6) SET for a temporary object 144 unsigned stClear : 1; 145 //7) SET for an stClear object 146 unsigned hmacSeq : 1; 147 //8) SET for an HMAC sequence object 148 unsigned hashSeq : 1; 149 //9) SET for a hash sequence object 150 unsigned eventSeq : 1; 151 //10) SET for an event sequence object 152 unsigned ticketSafe : 1; 153 //11) SET if a ticket is safe to create 154 // for hash sequence object 155 unsigned firstBlock : 1; //12) SET if the first block of hash 156 // data has been received. It 157 // works with ticketSafe bit 158 unsigned isParent : 1; //13) SET if the key has the proper 159 // attributes to be a parent key 160 unsigned privateExp : 1; //14) SET when the private exponent 161 // of an RSA key has been validated. 162 unsigned reserved : 1; //15) reserved bits. unused. 163 } OBJECT_ATTRIBUTES; 164 // 165 // 166 // OBJECT Structure 167 // 168 // An OBJECT structure holds the object public, sensitive, and meta-data associated. This structure is 169 // implementation dependent. For this implementation, the structure is not optimized for space but rather for 170 // clarity of the reference implementation. Other implementations may choose to overlap portions of the 171 // structure that are not used simultaneously. These changes would necessitate changes to the source code 172 // but those changes would be compatible with the reference implementation. 173 // 174 typedef struct 175 { 176 // The attributes field is required to be first followed by the publicArea. 177 // This allows the overlay of the object structure and a sequence structure 178 OBJECT_ATTRIBUTES attributes; // object attributes 179 TPMT_PUBLIC publicArea; // public area of an object 180 TPMT_SENSITIVE sensitive; // sensitive area of an object 181 #ifdef TPM_ALG_RSA 182 TPM2B_PUBLIC_KEY_RSA privateExponent; // Additional field for the private 183 // exponent of an RSA key. 184 #endif 185 TPM2B_NAME qualifiedName; // object qualified name 186 TPMI_DH_OBJECT evictHandle; // if the object is an evict object, 187 // the original handle is kept here. 188 // The 'working' handle will be the 189 // handle of an object slot. 190 TPM2B_NAME name; // Name of the object name. Kept here 191 // to avoid repeatedly computing it. 192 } OBJECT; 193 #ifdef EMBEDDED_MODE 194 // This build time assert serves as a rudimentary check for changes 195 // to the OBJECT structure (which is serialized to NVmem). Whenever 196 // the OBJECT struct changes, NV_FORMAT_VERSION ought to be bumped. 197 struct size_check { char a[sizeof(OBJECT) == 1536 ? 1 : -1]; }; 198 #endif 199 // 200 // 201 // HASH_OBJECT Structure 202 // 203 // This structure holds a hash sequence object or an event sequence object. 204 // The first four components of this structure are manually set to be the same as the first four components of 205 // the object structure. This prevents the object from being inadvertently misused as sequence objects 206 // occupy the same memory as a regular object. A debug check is present to make sure that the offsets are 207 // what they are supposed to be. 208 // 209 typedef struct 210 { 211 OBJECT_ATTRIBUTES attributes; // The attributes of the HASH object 212 TPMI_ALG_PUBLIC type; // algorithm 213 TPMI_ALG_HASH nameAlg; // name algorithm 214 TPMA_OBJECT objectAttributes; // object attributes 215 // The data below is unique to a sequence object 216 TPM2B_AUTH auth; // auth for use of sequence 217 union 218 { 219 HASH_STATE hashState[HASH_COUNT]; 220 HMAC_STATE hmacState; 221 } state; 222 } HASH_OBJECT; 223 // 224 // 225 // ANY_OBJECT 226 // 227 // This is the union for holding either a sequence object or a regular object. 228 // 229 typedef union 230 { 231 OBJECT entity; 232 HASH_OBJECT hash; 233 } ANY_OBJECT; 234 // 235 // 236 // AUTH_DUP Types 237 // 238 // These values are used in the authorization processing. 239 // 240 typedef UINT32 AUTH_ROLE; 241 #define AUTH_NONE ((AUTH_ROLE)(0)) 242 #define AUTH_USER ((AUTH_ROLE)(1)) 243 #define AUTH_ADMIN ((AUTH_ROLE)(2)) 244 #define AUTH_DUP ((AUTH_ROLE)(3)) 245 // 246 // 247 // Active Session Context 248 // 249 // Description 250 // 251 // The structures in this section define the internal structure of a session context. 252 // 253 // SESSION_ATTRIBUTES 254 // 255 // The attributes in the SESSION_ATTRIBUTES structure track the various properties of the session. It 256 // maintains most of the tracking state information for the policy session. It is used within the SESSION 257 // structure. 258 // 259 typedef struct 260 { 261 unsigned isPolicy : 1; //1) SET if the session may only 262 // be used for policy 263 unsigned isAudit : 1; //2) SET if the session is used 264 // for audit 265 unsigned isBound : 1; //3) SET if the session is bound to 266 // with an entity. 267 // This attribute will be CLEAR if 268 // either isPolicy or isAudit is SET. 269 unsigned iscpHashDefined : 1;//4) SET if the cpHash has been defined 270 // This attribute is not SET unless 271 // 'isPolicy' is SET. 272 unsigned isAuthValueNeeded : 1; 273 //5) SET if the authValue is required 274 // for computing the session HMAC. 275 // This attribute is not SET unless 276 // isPolicy is SET. 277 unsigned isPasswordNeeded : 1; 278 //6) SET if a password authValue is 279 // required for authorization 280 // This attribute is not SET unless 281 // isPolicy is SET. 282 unsigned isPPRequired : 1; //7) SET if physical presence is 283 // required to be asserted when the 284 // authorization is checked. 285 // This attribute is not SET unless 286 // isPolicy is SET. 287 unsigned isTrialPolicy : 1; //8) SET if the policy session is 288 // created for trial of the policy's 289 // policyHash generation. 290 // This attribute is not SET unless 291 // isPolicy is SET. 292 unsigned isDaBound : 1; //9) SET if the bind entity had noDA 293 // CLEAR. If this is SET, then an 294 // auth failure using this session 295 // will count against lockout even 296 // if the object being authorized is 297 // exempt from DA. 298 unsigned isLockoutBound : 1; //10)SET if the session is bound to 299 // lockoutAuth. 300 unsigned requestWasBound : 1;//11) SET if the session is being used 301 // with the bind entity. If SET 302 // the authValue will not be use 303 // in the response HMAC computation. 304 unsigned checkNvWritten : 1; //12) SET if the TPMA_NV_WRITTEN 305 // attribute needs to be checked 306 // when the policy is used for 307 // authorization for NV access. 308 // If this is SET for any other 309 // type, the policy will fail. 310 unsigned nvWrittenState : 1; //13) SET if TPMA_NV_WRITTEN is 311 // required to be SET. 312 } SESSION_ATTRIBUTES; 313 // 314 // 315 // SESSION Structure 316 // 317 // The SESSION structure contains all the context of a session except for the associated contextID. 318 // 319 // NOTE: The contextID of a session is only relevant when the session context is stored off the TPM. 320 // 321 typedef struct 322 { 323 TPM_ALG_ID authHashAlg; // session hash algorithm 324 TPM2B_NONCE nonceTPM; // last TPM-generated nonce for 325 // this session 326 TPMT_SYM_DEF symmetric; // session symmetric algorithm (if any) 327 TPM2B_AUTH sessionKey; // session secret value used for 328 // generating HMAC and encryption keys 329 SESSION_ATTRIBUTES attributes; // session attributes 330 TPM_CC commandCode; // command code (policy session) 331 TPMA_LOCALITY commandLocality; // command locality (policy session) 332 UINT32 pcrCounter; // PCR counter value when PCR is 333 // included (policy session) 334 // If no PCR is included, this 335 // value is 0. 336 UINT64 startTime; // value of TPMS_CLOCK_INFO.clock when 337 // the session was started (policy 338 // 339 // session) 340 UINT64 timeOut; // timeout relative to 341 // TPMS_CLOCK_INFO.clock 342 // There is no timeout if this value 343 // is 0. 344 union 345 { 346 TPM2B_NAME boundEntity; // value used to track the entity to 347 // which the session is bound 348 TPM2B_DIGEST cpHash; // the required cpHash value for the 349 // command being authorized 350 } u1; // 'boundEntity' and 'cpHash' may 351 // share the same space to save memory 352 union 353 { 354 TPM2B_DIGEST auditDigest; // audit session digest 355 TPM2B_DIGEST policyDigest; // policyHash 356 } u2; // audit log and policyHash may 357 // share space to save memory 358 } SESSION; 359 // 360 // 361 // PCR 362 // 363 // PCR_SAVE Structure 364 // 365 // The PCR_SAVE structure type contains the PCR data that are saved across power cycles. Only the static 366 // PCR are required to be saved across power cycles. The DRTM and resettable PCR are not saved. The 367 // number of static and resettable PCR is determined by the platform-specific specification to which the TPM 368 // is built. 369 // 370 typedef struct 371 { 372 #ifdef TPM_ALG_SHA1 373 BYTE sha1[NUM_STATIC_PCR][SHA1_DIGEST_SIZE]; 374 #endif 375 #ifdef TPM_ALG_SHA256 376 BYTE sha256[NUM_STATIC_PCR][SHA256_DIGEST_SIZE]; 377 #endif 378 #ifdef TPM_ALG_SHA384 379 BYTE sha384[NUM_STATIC_PCR][SHA384_DIGEST_SIZE]; 380 #endif 381 #ifdef TPM_ALG_SHA512 382 BYTE sha512[NUM_STATIC_PCR][SHA512_DIGEST_SIZE]; 383 #endif 384 #ifdef TPM_ALG_SM3_256 385 BYTE sm3_256[NUM_STATIC_PCR][SM3_256_DIGEST_SIZE]; 386 #endif 387 // This counter increments whenever the PCR are updated. 388 // NOTE: A platform-specific specification may designate 389 // certain PCR changes as not causing this counter 390 // to increment. 391 UINT32 pcrCounter; 392 } PCR_SAVE; 393 // 394 // 395 // 396 // PCR_POLICY 397 // 398 // This structure holds the PCR policies, one for each group of PCR controlled by policy. 399 // 400 typedef struct 401 { 402 TPMI_ALG_HASH hashAlg[NUM_POLICY_PCR_GROUP]; 403 TPM2B_DIGEST a; 404 TPM2B_DIGEST policy[NUM_POLICY_PCR_GROUP]; 405 } PCR_POLICY; 406 // 407 // 408 // PCR_AUTHVALUE 409 // 410 // This structure holds the PCR policies, one for each group of PCR controlled by policy. 411 // 412 typedef struct 413 { 414 TPM2B_DIGEST auth[NUM_AUTHVALUE_PCR_GROUP]; 415 } PCR_AUTHVALUE; 416 // 417 // 418 // Startup 419 // 420 // SHUTDOWN_NONE 421 // 422 // Part 2 defines the two shutdown/startup types that may be used in TPM2_Shutdown() and 423 // TPM2_Starup(). This additional define is used by the TPM to indicate that no shutdown was received. 424 // 425 // NOTE: This is a reserved value. 426 // 427 #define SHUTDOWN_NONE (TPM_SU)(0xFFFF) 428 // 429 // 430 // STARTUP_TYPE 431 // 432 // This enumeration is the possible startup types. The type is determined by the combination of 433 // TPM2_ShutDown() and TPM2_Startup(). 434 // 435 typedef enum 436 { 437 SU_RESET, 438 SU_RESTART, 439 SU_RESUME 440 } STARTUP_TYPE; 441 // 442 // 443 // NV 444 // 445 // NV_RESERVE 446 // 447 // This enumeration defines the master list of the elements of a reserved portion of NV. This list includes all 448 // the pre-defined data that takes space in NV, either as persistent data or as state save data. The 449 // enumerations are used as indexes into an array of offset values. The offset values then are used to index 450 // into NV. This is method provides an imperfect analog to an actual NV implementation. 451 // 452 typedef enum 453 { 454 // Entries below mirror the PERSISTENT_DATA structure. These values are written 455 // to NV as individual items. 456 // hierarchy 457 NV_DISABLE_CLEAR, 458 NV_OWNER_ALG, 459 NV_ENDORSEMENT_ALG, 460 NV_LOCKOUT_ALG, 461 NV_OWNER_POLICY, 462 NV_ENDORSEMENT_POLICY, 463 NV_LOCKOUT_POLICY, 464 NV_OWNER_AUTH, 465 NV_ENDORSEMENT_AUTH, 466 NV_LOCKOUT_AUTH, 467 NV_EP_SEED, 468 NV_SP_SEED, 469 NV_PP_SEED, 470 NV_PH_PROOF, 471 NV_SH_PROOF, 472 NV_EH_PROOF, 473 // Time 474 NV_TOTAL_RESET_COUNT, 475 NV_RESET_COUNT, 476 // PCR 477 NV_PCR_POLICIES, 478 NV_PCR_ALLOCATED, 479 // Physical Presence 480 NV_PP_LIST, 481 // Dictionary Attack 482 NV_FAILED_TRIES, 483 NV_MAX_TRIES, 484 NV_RECOVERY_TIME, 485 NV_LOCKOUT_RECOVERY, 486 NV_LOCKOUT_AUTH_ENABLED, 487 // Orderly State flag 488 NV_ORDERLY, 489 // Command Audit 490 NV_AUDIT_COMMANDS, 491 NV_AUDIT_HASH_ALG, 492 NV_AUDIT_COUNTER, 493 // Algorithm Set 494 NV_ALGORITHM_SET, 495 NV_FIRMWARE_V1, 496 NV_FIRMWARE_V2, 497 // The entries above are in PERSISTENT_DATA. The entries below represent 498 // structures that are read and written as a unit. 499 // ORDERLY_DATA data structure written on each orderly shutdown 500 NV_ORDERLY_DATA, 501 // STATE_CLEAR_DATA structure written on each Shutdown(STATE) 502 NV_STATE_CLEAR, 503 // STATE_RESET_DATA structure written on each Shutdown(STATE) 504 NV_STATE_RESET, 505 NV_RESERVE_LAST // end of NV reserved data list 506 } NV_RESERVE; 507 // 508 // NV_INDEX 509 // 510 // The NV_INDEX structure defines the internal format for an NV index. The indexData size varies 511 // according to the type of the index. In this implementation, all of the index is manipulated as a unit. 512 // 513 typedef struct 514 { 515 TPMS_NV_PUBLIC publicArea; 516 TPM2B_AUTH authValue; 517 } NV_INDEX; 518 // 519 // 520 // COMMIT_INDEX_MASK 521 // 522 // This is the define for the mask value that is used when manipulating the bits in the commit bit array. The 523 // commit counter is a 64-bit value and the low order bits are used to index the commitArray. This mask 524 // value is applied to the commit counter to extract the bit number in the array. 525 // 526 #ifdef TPM_ALG_ECC 527 #define COMMIT_INDEX_MASK ((UINT16)((sizeof(gr.commitArray)*8)-1)) 528 #endif 529 // 530 // 531 // RAM Global Values 532 // 533 // Description 534 // 535 // The values in this section are only extant in RAM. They are defined here and instanced in Global.c. 536 // 537 // g_rcIndex 538 // 539 // This array is used to contain the array of values that are added to a return code when it is a parameter-, 540 // handle-, or session-related error. This is an implementation choice and the same result can be achieved 541 // by using a macro. 542 // 543 extern const UINT16 g_rcIndex[15]; 544 // 545 // 546 // g_exclusiveAuditSession 547 // 548 // This location holds the session handle for the current exclusive audit session. If there is no exclusive 549 // audit session, the location is set to TPM_RH_UNASSIGNED. 550 // 551 extern TPM_HANDLE g_exclusiveAuditSession; 552 // 553 // 554 // g_time 555 // 556 // This value is the count of milliseconds since the TPM was powered up. This value is initialized at 557 // _TPM_Init(). 558 // 559 extern UINT64 g_time; 560 // 561 // 562 // g_phEnable 563 // 564 // This is the platform hierarchy control and determines if the platform hierarchy is available. This value is 565 // SET on each TPM2_Startup(). The default value is SET. 566 // 567 extern BOOL g_phEnable; 568 // g_pceReConfig 569 // 570 // This value is SET if a TPM2_PCR_Allocate() command successfully executed since the last 571 // TPM2_Startup(). If so, then the next shutdown is required to be Shutdown(CLEAR). 572 // 573 extern BOOL g_pcrReConfig; 574 // 575 // 576 // g_DRTMHandle 577 // 578 // This location indicates the sequence object handle that holds the DRTM sequence data. When not used, 579 // it is set to TPM_RH_UNASSIGNED. A sequence DRTM sequence is started on either _TPM_Init() or 580 // _TPM_Hash_Start(). 581 // 582 extern TPMI_DH_OBJECT g_DRTMHandle; 583 // 584 // 585 // g_DrtmPreStartup 586 // 587 // This value indicates that an H-CRTM occurred after _TPM_Init() but before TPM2_Startup(). The define 588 // for PRE_STARTUP_FLAG is used to add the g_DrtmPreStartup value to gp_orderlyState at shutdown. 589 // This hack is to avoid adding another NV variable. 590 // 591 extern BOOL g_DrtmPreStartup; 592 #define PRE_STARTUP_FLAG 0x8000 593 // 594 // 595 // g_StartupLocality3 596 // 597 // This value indicates that a TPM2_Startup() occured at locality 3. Otherwise, it at locality 0. The define for 598 // STARTUP_LOCALITY_3 is to indicate that the startup was not at locality 0. This hack is to avoid adding 599 // another NV variable. 600 // 601 extern BOOL g_StartupLocality3; 602 #define STARTUP_LOCALITY_3 0x4000 603 // 604 // 605 // g_updateNV 606 // 607 // This flag indicates if NV should be updated at the end of a command. This flag is set to FALSE at the 608 // beginning of each command in ExecuteCommand(). This flag is checked in ExecuteCommand() after the 609 // detailed actions of a command complete. If the command execution was successful and this flag is SET, 610 // any pending NV writes will be committed to NV. 611 // 612 extern BOOL g_updateNV; 613 // 614 // 615 // g_clearOrderly 616 // 617 // This flag indicates if the execution of a command should cause the orderly state to be cleared. This flag 618 // is set to FALSE at the beginning of each command in ExecuteCommand() and is checked in 619 // ExecuteCommand() after the detailed actions of a command complete but before the check of 620 // g_updateNV. If this flag is TRUE, and the orderly state is not SHUTDOWN_NONE, then the orderly state 621 // in NV memory will be changed to SHUTDOWN_NONE. 622 // 623 extern BOOL g_clearOrderly; 624 // 625 // 626 // 627 // g_prevOrderlyState 628 // 629 // This location indicates how the TPM was shut down before the most recent TPM2_Startup(). This value, 630 // along with the startup type, determines if the TPM should do a TPM Reset, TPM Restart, or TPM 631 // Resume. 632 // 633 extern TPM_SU g_prevOrderlyState; 634 // 635 // 636 // g_nvOk 637 // 638 // This value indicates if the NV integrity check was successful or not. If not and the failure was severe, then 639 // the TPM would have been put into failure mode after it had been re-manufactured. If the NV failure was in 640 // the area where the state-save data is kept, then this variable will have a value of FALSE indicating that a 641 // TPM2_Startup(CLEAR) is required. 642 // 643 extern BOOL g_nvOk; 644 // 645 // 646 // g_platformUnique 647 // 648 // This location contains the unique value(s) used to identify the TPM. It is loaded on every 649 // _TPM2_Startup() The first value is used to seed the RNG. The second value is used as a vendor 650 // authValue. The value used by the RNG would be the value derived from the chip unique value (such as 651 // fused) with a dependency on the authorities of the code in the TPM boot path. The second would be 652 // derived from the chip unique value with a dependency on the details of the code in the boot path. That is, 653 // the first value depends on the various signers of the code and the second depends on what was signed. 654 // The TPM vendor should not be able to know the first value but they are expected to know the second. 655 // 656 extern TPM2B_AUTH g_platformUniqueAuthorities; // Reserved for RNG 657 extern TPM2B_AUTH g_platformUniqueDetails; // referenced by VENDOR_PERMANENT 658 // 659 // 660 // Persistent Global Values 661 // 662 // Description 663 // 664 // The values in this section are global values that are persistent across power events. The lifetime of the 665 // values determines the structure in which the value is placed. 666 // 667 // PERSISTENT_DATA 668 // 669 // This structure holds the persistent values that only change as a consequence of a specific Protected 670 // Capability and are not affected by TPM power events (TPM2_Startup() or TPM2_Shutdown(). 671 // 672 typedef struct 673 { 674 //********************************************************************************* 675 // Hierarchy 676 //********************************************************************************* 677 // The values in this section are related to the hierarchies. 678 BOOL disableClear; // TRUE if TPM2_Clear() using 679 // lockoutAuth is disabled 680 // Hierarchy authPolicies 681 TPMI_ALG_HASH ownerAlg; 682 TPMI_ALG_HASH endorsementAlg; 683 TPMI_ALG_HASH lockoutAlg; 684 TPM2B_DIGEST ownerPolicy; 685 TPM2B_DIGEST endorsementPolicy; 686 TPM2B_DIGEST lockoutPolicy; 687 // Hierarchy authValues 688 TPM2B_AUTH ownerAuth; 689 TPM2B_AUTH endorsementAuth; 690 TPM2B_AUTH lockoutAuth; 691 // Primary Seeds 692 TPM2B_SEED EPSeed; 693 TPM2B_SEED SPSeed; 694 TPM2B_SEED PPSeed; 695 // Note there is a nullSeed in the state_reset memory. 696 // Hierarchy proofs 697 TPM2B_AUTH phProof; 698 TPM2B_AUTH shProof; 699 TPM2B_AUTH ehProof; 700 // Note there is a nullProof in the state_reset memory. 701 //********************************************************************************* 702 // Reset Events 703 //********************************************************************************* 704 // A count that increments at each TPM reset and never get reset during the life 705 // time of TPM. The value of this counter is initialized to 1 during TPM 706 // manufacture process. 707 UINT64 totalResetCount; 708 // This counter increments on each TPM Reset. The counter is reset by 709 // TPM2_Clear(). 710 UINT32 resetCount; 711 //********************************************************************************* 712 // PCR 713 //********************************************************************************* 714 // This structure hold the policies for those PCR that have an update policy. 715 // This implementation only supports a single group of PCR controlled by 716 // policy. If more are required, then this structure would be changed to 717 // an array. 718 PCR_POLICY pcrPolicies; 719 // This structure indicates the allocation of PCR. The structure contains a 720 // list of PCR allocations for each implemented algorithm. If no PCR are 721 // allocated for an algorithm, a list entry still exists but the bit map 722 // will contain no SET bits. 723 TPML_PCR_SELECTION pcrAllocated; 724 //********************************************************************************* 725 // Physical Presence 726 //********************************************************************************* 727 // The PP_LIST type contains a bit map of the commands that require physical 728 // to be asserted when the authorization is evaluated. Physical presence will be 729 // checked if the corresponding bit in the array is SET and if the authorization 730 // handle is TPM_RH_PLATFORM. 731 // 732 // These bits may be changed with TPM2_PP_Commands(). 733 BYTE ppList[((TPM_CC_PP_LAST - TPM_CC_PP_FIRST + 1) + 7)/8]; 734 //********************************************************************************* 735 // Dictionary attack values 736 //********************************************************************************* 737 // These values are used for dictionary attack tracking and control. 738 UINT32 failedTries; // the current count of unexpired 739 // authorization failures 740 UINT32 maxTries; // number of unexpired authorization 741 // failures before the TPM is in 742 // lockout 743 UINT32 recoveryTime; // time between authorization failures 744 // before failedTries is decremented 745 UINT32 lockoutRecovery; // time that must expire between 746 // authorization failures associated 747 // with lockoutAuth 748 BOOL lockOutAuthEnabled; // TRUE if use of lockoutAuth is 749 // allowed 750 //***************************************************************************** 751 // Orderly State 752 //***************************************************************************** 753 // The orderly state for current cycle 754 TPM_SU orderlyState; 755 //***************************************************************************** 756 // Command audit values. 757 //***************************************************************************** 758 BYTE auditComands[((TPM_CC_LAST - TPM_CC_FIRST + 1) + 7) / 8]; 759 TPMI_ALG_HASH auditHashAlg; 760 UINT64 auditCounter; 761 //***************************************************************************** 762 // Algorithm selection 763 //***************************************************************************** 764 // 765 // The 'algorithmSet' value indicates the collection of algorithms that are 766 // currently in used on the TPM. The interpretation of value is vendor dependent. 767 UINT32 algorithmSet; 768 //***************************************************************************** 769 // Firmware version 770 //***************************************************************************** 771 // The firmwareV1 and firmwareV2 values are instanced in TimeStamp.c. This is 772 // a scheme used in development to allow determination of the linker build time 773 // of the TPM. An actual implementation would implement these values in a way that 774 // is consistent with vendor needs. The values are maintained in RAM for simplified 775 // access with a master version in NV. These values are modified in a 776 // vendor-specific way. 777 // g_firmwareV1 contains the more significant 32-bits of the vendor version number. 778 // In the reference implementation, if this value is printed as a hex 779 // value, it will have the format of yyyymmdd 780 UINT32 firmwareV1; 781 // g_firmwareV1 contains the less significant 32-bits of the vendor version number. 782 // In the reference implementation, if this value is printed as a hex 783 // value, it will have the format of 00 hh mm ss 784 UINT32 firmwareV2; 785 } PERSISTENT_DATA; 786 extern PERSISTENT_DATA gp; 787 // 788 // 789 // ORDERLY_DATA 790 // 791 // The data in this structure is saved to NV on each TPM2_Shutdown(). 792 // 793 typedef struct orderly_data 794 { 795 // 796 //***************************************************************************** 797 // TIME 798 //***************************************************************************** 799 // Clock has two parts. One is the state save part and one is the NV part. The 800 // state save version is updated on each command. When the clock rolls over, the 801 // NV version is updated. When the TPM starts up, if the TPM was shutdown in and 802 // orderly way, then the sClock value is used to initialize the clock. If the 803 // TPM shutdown was not orderly, then the persistent value is used and the safe 804 // attribute is clear. 805 UINT64 clock; // The orderly version of clock 806 TPMI_YES_NO clockSafe; // Indicates if the clock value is 807 // safe. 808 //********************************************************************************* 809 // DRBG 810 //********************************************************************************* 811 #ifdef _DRBG_STATE_SAVE 812 // This is DRBG state data. This is saved each time the value of clock is 813 // updated. 814 DRBG_STATE drbgState; 815 #endif 816 } ORDERLY_DATA; 817 extern ORDERLY_DATA go; 818 // 819 // 820 // STATE_CLEAR_DATA 821 // 822 // This structure contains the data that is saved on Shutdown(STATE). and restored on Startup(STATE). 823 // The values are set to their default settings on any Startup(Clear). In other words the data is only 824 // persistent across TPM Resume. 825 // If the comments associated with a parameter indicate a default reset value, the value is applied on each 826 // Startup(CLEAR). 827 // 828 typedef struct state_clear_data 829 { 830 //***************************************************************************** 831 // Hierarchy Control 832 //***************************************************************************** 833 BOOL shEnable; // default reset is SET 834 BOOL ehEnable; // default reset is SET 835 BOOL phEnableNV; // default reset is SET 836 TPMI_ALG_HASH platformAlg; // default reset is TPM_ALG_NULL 837 TPM2B_DIGEST platformPolicy; // default reset is an Empty Buffer 838 TPM2B_AUTH platformAuth; // default reset is an Empty Buffer 839 //***************************************************************************** 840 // PCR 841 //***************************************************************************** 842 // The set of PCR to be saved on Shutdown(STATE) 843 PCR_SAVE pcrSave; // default reset is 0...0 844 // This structure hold the authorization values for those PCR that have an 845 // update authorization. 846 // This implementation only supports a single group of PCR controlled by 847 // authorization. If more are required, then this structure would be changed to 848 // an array. 849 PCR_AUTHVALUE pcrAuthValues; 850 } STATE_CLEAR_DATA; 851 extern STATE_CLEAR_DATA gc; 852 // 853 // 854 // 855 // State Reset Data 856 // 857 // This structure contains data is that is saved on Shutdown(STATE) and restored on the subsequent 858 // Startup(ANY). That is, the data is preserved across TPM Resume and TPM Restart. 859 // If a default value is specified in the comments this value is applied on TPM Reset. 860 // 861 typedef struct state_reset_data 862 { 863 //***************************************************************************** 864 // Hierarchy Control 865 //***************************************************************************** 866 TPM2B_AUTH nullProof; // The proof value associated with 867 // the TPM_RH_NULL hierarchy. The 868 // default reset value is from the RNG. 869 TPM2B_SEED nullSeed; // The seed value for the TPM_RN_NULL 870 // hierarchy. The default reset value 871 // is from the RNG. 872 //***************************************************************************** 873 // Context 874 //***************************************************************************** 875 // The 'clearCount' counter is incremented each time the TPM successfully executes 876 // a TPM Resume. The counter is included in each saved context that has 'stClear' 877 // SET (including descendants of keys that have 'stClear' SET). This prevents these 878 // objects from being loaded after a TPM Resume. 879 // If 'clearCount' at its maximum value when the TPM receives a Shutdown(STATE), 880 // the TPM will return TPM_RC_RANGE and the TPM will only accept Shutdown(CLEAR). 881 UINT32 clearCount; // The default reset value is 0. 882 UINT64 objectContextID; // This is the context ID for a saved 883 // object context. The default reset 884 // value is 0. 885 CONTEXT_SLOT contextArray[MAX_ACTIVE_SESSIONS]; 886 // This is the value from which the 887 // 'contextID' is derived. The 888 // default reset value is {0}. 889 CONTEXT_COUNTER contextCounter; // This array contains contains the 890 // values used to track the version 891 // numbers of saved contexts (see 892 // Session.c in for details). The 893 // default reset value is 0. 894 //***************************************************************************** 895 // Command Audit 896 //***************************************************************************** 897 // When an audited command completes, ExecuteCommand() checks the return 898 // value. If it is TPM_RC_SUCCESS, and the command is an audited command, the 899 // TPM will extend the cpHash and rpHash for the command to this value. If this 900 // digest was the Zero Digest before the cpHash was extended, the audit counter 901 // is incremented. 902 TPM2B_DIGEST commandAuditDigest; // This value is set to an Empty Digest 903 // by TPM2_GetCommandAuditDigest() or a 904 // TPM Reset. 905 //***************************************************************************** 906 // Boot counter 907 //***************************************************************************** 908 UINT32 restartCount; // This counter counts TPM Restarts. 909 // The default reset value is 0. 910 // 911 //********************************************************************************* 912 // PCR 913 //********************************************************************************* 914 // This counter increments whenever the PCR are updated. This counter is preserved 915 // across TPM Resume even though the PCR are not preserved. This is because 916 // sessions remain active across TPM Restart and the count value in the session 917 // is compared to this counter so this counter must have values that are unique 918 // as long as the sessions are active. 919 // NOTE: A platform-specific specification may designate that certain PCR changes 920 // do not increment this counter to increment. 921 UINT32 pcrCounter; // The default reset value is 0. 922 #ifdef TPM_ALG_ECC 923 //***************************************************************************** 924 // ECDAA 925 //***************************************************************************** 926 UINT64 commitCounter; // This counter increments each time 927 // TPM2_Commit() returns 928 // TPM_RC_SUCCESS. The default reset 929 // value is 0. 930 TPM2B_NONCE commitNonce; // This random value is used to compute 931 // the commit values. The default reset 932 // value is from the RNG. 933 // This implementation relies on the number of bits in g_commitArray being a 934 // power of 2 (8, 16, 32, 64, etc.) and no greater than 64K. 935 BYTE commitArray[16]; // The default reset value is {0}. 936 #endif //TPM_ALG_ECC 937 } STATE_RESET_DATA; 938 extern STATE_RESET_DATA gr; 939 // 940 // 941 // Global Macro Definitions 942 // 943 // This macro is used to ensure that a handle, session, or parameter number is only added if the response 944 // code is FMT1. 945 // 946 #define RcSafeAddToResult(r, v) \ 947 ((r) + (((r) & RC_FMT1) ? (v) : 0)) 948 // 949 // This macro is used when a parameter is not otherwise referenced in a function. This macro is normally 950 // not used by itself but is paired with a pAssert() within a #ifdef pAssert. If pAssert is not defined, then a 951 // parameter might not otherwise be referenced. This macro uses the parameter from the perspective of the 952 // compiler so it doesn't complain. 953 // 954 #define UNREFERENCED(a) ((void)(a)) 955 // 956 // 957 // Private data 958 // 959 #if defined SESSION_PROCESS_C || defined GLOBAL_C || defined MANUFACTURE_C 960 // 961 // From SessionProcess.c 962 // The following arrays are used to save command sessions information so that the command 963 // handle/session buffer does not have to be preserved for the duration of the command. These arrays are 964 // indexed by the session index in accordance with the order of sessions in the session area of the 965 // command. 966 // 967 // Array of the authorization session handles 968 // 969 extern TPM_HANDLE s_sessionHandles[MAX_SESSION_NUM]; 970 // 971 // Array of authorization session attributes 972 // 973 extern TPMA_SESSION s_attributes[MAX_SESSION_NUM]; 974 // 975 // Array of handles authorized by the corresponding authorization sessions; and if none, then 976 // TPM_RH_UNASSIGNED value is used 977 // 978 extern TPM_HANDLE s_associatedHandles[MAX_SESSION_NUM]; 979 // 980 // Array of nonces provided by the caller for the corresponding sessions 981 // 982 extern TPM2B_NONCE s_nonceCaller[MAX_SESSION_NUM]; 983 // 984 // Array of authorization values (HMAC's or passwords) for the corresponding sessions 985 // 986 extern TPM2B_AUTH s_inputAuthValues[MAX_SESSION_NUM]; 987 // 988 // Special value to indicate an undefined session index 989 // 990 #define UNDEFINED_INDEX (0xFFFF) 991 // 992 // Index of the session used for encryption of a response parameter 993 // 994 extern UINT32 s_encryptSessionIndex; 995 // 996 // Index of the session used for decryption of a command parameter 997 // 998 extern UINT32 s_decryptSessionIndex; 999 // 1000 // Index of a session used for audit 1001 // 1002 extern UINT32 s_auditSessionIndex; 1003 // 1004 // The cpHash for an audit session 1005 // 1006 extern TPM2B_DIGEST s_cpHashForAudit; 1007 // 1008 // The cpHash for command audit 1009 // 1010 #ifdef TPM_CC_GetCommandAuditDigest 1011 extern TPM2B_DIGEST s_cpHashForCommandAudit; 1012 #endif 1013 // 1014 // Number of authorization sessions present in the command 1015 // 1016 extern UINT32 s_sessionNum; 1017 // 1018 // Flag indicating if NV update is pending for the lockOutAuthEnabled or failedTries DA parameter 1019 // 1020 extern BOOL s_DAPendingOnNV; 1021 #endif // SESSION_PROCESS_C 1022 #if defined DA_C || defined GLOBAL_C || defined MANUFACTURE_C 1023 // 1024 // From DA.c 1025 // 1026 // This variable holds the accumulated time since the last time that failedTries was decremented. This value 1027 // is in millisecond. 1028 // 1029 extern UINT64 s_selfHealTimer; 1030 // 1031 // This variable holds the accumulated time that the lockoutAuth has been blocked. 1032 // 1033 extern UINT64 s_lockoutTimer; 1034 #endif // DA_C 1035 #if defined NV_C || defined GLOBAL_C 1036 // 1037 // From NV.c 1038 // List of pre-defined address of reserved data 1039 // 1040 extern UINT32 s_reservedAddr[NV_RESERVE_LAST]; 1041 // 1042 // List of pre-defined reserved data size in byte 1043 // 1044 extern UINT32 s_reservedSize[NV_RESERVE_LAST]; 1045 // 1046 // Size of data in RAM index buffer 1047 // 1048 extern UINT32 s_ramIndexSize; 1049 // 1050 // Reserved RAM space for frequently updated NV Index. The data layout in ram buffer is {NV_handle(), 1051 // size of data, data} for each NV index data stored in RAM 1052 // 1053 extern BYTE s_ramIndex[RAM_INDEX_SPACE]; 1054 // 1055 // Address of size of RAM index space in NV 1056 // 1057 extern UINT32 s_ramIndexSizeAddr; 1058 // 1059 // Address of NV copy of RAM index space 1060 // 1061 extern UINT32 s_ramIndexAddr; 1062 // 1063 // Address of maximum counter value; an auxiliary variable to implement NV counters 1064 // 1065 extern UINT32 s_maxCountAddr; 1066 // 1067 // Beginning of NV dynamic area; starts right after the s_maxCountAddr and s_evictHandleMapAddr 1068 // variables 1069 // 1070 extern UINT32 s_evictNvStart; 1071 // 1072 // Beginning of NV dynamic area; also the beginning of the predefined reserved data area. 1073 // 1074 extern UINT32 s_evictNvEnd; 1075 // 1076 // NV availability is sampled as the start of each command and stored here so that its value remains 1077 // consistent during the command execution 1078 // 1079 extern TPM_RC s_NvStatus; 1080 #endif 1081 #if defined OBJECT_C || defined GLOBAL_C 1082 // 1083 // From Object.c 1084 // 1085 // This type is the container for an object. 1086 // 1087 typedef struct 1088 { 1089 BOOL occupied; 1090 ANY_OBJECT object; 1091 } OBJECT_SLOT; 1092 // 1093 // This is the memory that holds the loaded objects. 1094 // 1095 extern OBJECT_SLOT s_objects[MAX_LOADED_OBJECTS]; 1096 #endif // OBJECT_C 1097 #if defined PCR_C || defined GLOBAL_C 1098 // 1099 // From PCR.c 1100 // 1101 typedef struct 1102 { 1103 #ifdef TPM_ALG_SHA1 1104 // SHA1 PCR 1105 BYTE sha1Pcr[SHA1_DIGEST_SIZE]; 1106 #endif 1107 #ifdef TPM_ALG_SHA256 1108 // SHA256 PCR 1109 BYTE sha256Pcr[SHA256_DIGEST_SIZE]; 1110 #endif 1111 #ifdef TPM_ALG_SHA384 1112 // SHA384 PCR 1113 BYTE sha384Pcr[SHA384_DIGEST_SIZE]; 1114 #endif 1115 #ifdef TPM_ALG_SHA512 1116 // SHA512 PCR 1117 BYTE sha512Pcr[SHA512_DIGEST_SIZE]; 1118 #endif 1119 #ifdef TPM_ALG_SM3_256 1120 // SHA256 PCR 1121 BYTE sm3_256Pcr[SM3_256_DIGEST_SIZE]; 1122 #endif 1123 } PCR; 1124 typedef struct 1125 { 1126 unsigned int stateSave : 1; // if the PCR value should be 1127 // saved in state save 1128 unsigned int resetLocality : 5; // The locality that the PCR 1129 // can be reset 1130 unsigned int extendLocality : 5; // The locality that the PCR 1131 // can be extend 1132 } PCR_Attributes; 1133 extern PCR s_pcrs[IMPLEMENTATION_PCR]; 1134 #endif // PCR_C 1135 #if defined SESSION_C || defined GLOBAL_C 1136 // 1137 // From Session.c 1138 // Container for HMAC or policy session tracking information 1139 // 1140 typedef struct 1141 { 1142 BOOL occupied; 1143 SESSION session; // session structure 1144 } SESSION_SLOT; 1145 extern SESSION_SLOT s_sessions[MAX_LOADED_SESSIONS]; 1146 // 1147 // 1148 // 1149 // 1150 // The index in conextArray that has the value of the oldest saved session context. When no context is 1151 // saved, this will have a value that is greater than or equal to MAX_ACTIVE_SESSIONS. 1152 // 1153 extern UINT32 s_oldestSavedSession; 1154 // 1155 // The number of available session slot openings. When this is 1, a session can't be created or loaded if the 1156 // GAP is maxed out. The exception is that the oldest saved session context can always be loaded 1157 // (assuming that there is a space in memory to put it) 1158 // 1159 extern int s_freeSessionSlots; 1160 #endif // SESSION_C 1161 // 1162 // From Manufacture.c 1163 // 1164 extern BOOL g_manufactured; 1165 #if defined POWER_C || defined GLOBAL_C 1166 // 1167 // From Power.c 1168 // This value indicates if a TPM2_Startup() commands has been receive since the power on event. This 1169 // flag is maintained in power simulation module because this is the only place that may reliably set this flag 1170 // to FALSE. 1171 // 1172 extern BOOL s_initialized; 1173 #endif // POWER_C 1174 #if defined MEMORY_LIB_C || defined GLOBAL_C 1175 // 1176 // The s_actionOutputBuffer should not be modifiable by the host system until the TPM has returned a 1177 // response code. The s_actionOutputBuffer should not be accessible until response parameter encryption, 1178 // if any, is complete. 1179 // 1180 extern UINT32 s_actionInputBuffer[1024]; // action input buffer 1181 extern UINT32 s_actionOutputBuffer[1024]; // action output buffer 1182 extern BYTE s_responseBuffer[MAX_RESPONSE_SIZE];// response buffer 1183 #endif // MEMORY_LIB_C 1184 // 1185 // From TPMFail.c 1186 // This value holds the address of the string containing the name of the function in which the failure 1187 // occurred. This address value isn't useful for anything other than helping the vendor to know in which file 1188 // the failure occurred. 1189 // 1190 #ifndef EMBEDDED_MODE 1191 extern jmp_buf g_jumpBuffer; // the jump buffer 1192 #endif 1193 extern BOOL g_inFailureMode; // Indicates that the TPM is in failure mode 1194 extern BOOL g_forceFailureMode; // flag to force failure mode during test 1195 #if defined TPM_FAIL_C || defined GLOBAL_C || 1 1196 extern UINT32 s_failFunction; 1197 extern UINT32 s_failLine; // the line in the file at which 1198 // the error was signaled 1199 extern UINT32 s_failCode; // the error code used 1200 #endif // TPM_FAIL_C 1201 #endif // GLOBAL_H 1202
