1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
|
// This file was extracted from the TCG Published
// Trusted Platform Module Library
// Part 4: Supporting Routines
// Family "2.0"
// Level 00 Revision 01.16
// October 30, 2014
#ifndef GLOBAL_H
#define GLOBAL_H
//#define SELF_TEST
#include "TpmBuildSwitches.h"
#include "Tpm.h"
#include "TPMB.h"
#include "CryptoEngine.h"
#ifndef EMBEDDED_MODE
#include <setjmp.h>
#endif
//
//
//
// Defines and Types
//
// Unreferenced Parameter
//
// This define is used to eliminate the compiler warning about an unreferenced parameter. Basically, it tells
// the compiler that it is not an accident that the parameter is unreferenced.
//
#ifndef UNREFERENCED_PARAMETER
# define UNREFERENCED_PARAMETER(a) (a)
#endif
#include "bits.h"
//
//
// Crypto Self-Test Values
//
// Define these values here if the AlgorithmTests() project is not used
//
#ifndef SELF_TEST
extern ALGORITHM_VECTOR g_implementedAlgorithms;
extern ALGORITHM_VECTOR g_toTest;
#else
LIB_IMPORT extern ALGORITHM_VECTOR g_implementedAlgorithms;
LIB_IMPORT extern ALGORITHM_VECTOR g_toTest;
#endif
//
// These macros are used in CryptUtil() to invoke the incremental self test.
//
#define TEST(alg) if(TEST_BIT(alg, g_toTest)) CryptTestAlgorithm(alg, NULL)
//
// Use of TPM_ALG_NULL is reserved for RSAEP/RSADP testing. If someone is wanting to test a hash with
// that value, don't do it.
//
#define TEST_HASH(alg) \
if( TEST_BIT(alg, g_toTest) \
&& (alg != ALG_NULL_VALUE)) \
CryptTestAlgorithm(alg, NULL)
//
//
// Hash and HMAC State Structures
//
// These definitions are for the types that can be in a hash state structure. These types are used in the
// crypto utilities
//
typedef BYTE HASH_STATE_TYPE;
#define HASH_STATE_EMPTY ((HASH_STATE_TYPE) 0)
#define HASH_STATE_HASH ((HASH_STATE_TYPE) 1)
#define HASH_STATE_HMAC ((HASH_STATE_TYPE) 2)
//
// A HASH_STATE structure contains an opaque hash stack state. A caller would use this structure when
// performing incremental hash operations. The state is updated on each call. If type is an HMAC_STATE,
// or HMAC_STATE_SEQUENCE then state is followed by the HMAC key in oPad format.
//
typedef struct
{
CPRI_HASH_STATE state; // hash state
HASH_STATE_TYPE type; // type of the context
} HASH_STATE;
//
//
//
//
// An HMAC_STATE structure contains an opaque HMAC stack state. A caller would use this structure
// when performing incremental HMAC operations. This structure contains a hash state and an HMAC key
// and allows slightly better stack optimization than adding an HMAC key to each hash state.
//
typedef struct
{
HASH_STATE hashState; // the hash state
TPM2B_HASH_BLOCK hmacKey; // the HMAC key
} HMAC_STATE;
//
//
// Other Types
//
// An AUTH_VALUE is a BYTE array containing a digest (TPMU_HA)
//
typedef BYTE AUTH_VALUE[sizeof(TPMU_HA)];
//
// A TIME_INFO is a BYTE array that can contain a TPMS_TIME_INFO
//
typedef BYTE TIME_INFO[sizeof(TPMS_TIME_INFO)];
//
// A NAME is a BYTE array that can contain a TPMU_NAME
//
typedef BYTE NAME[sizeof(TPMU_NAME)];
//
//
// Loaded Object Structures
//
// Description
//
// The structures in this section define the object layout as it exists in TPM memory.
// Two types of objects are defined: an ordinary object such as a key, and a sequence object that may be a
// hash, HMAC, or event.
//
// OBJECT_ATTRIBUTES
//
// An OBJECT_ATTRIBUTES structure contains the variable attributes of an object. These properties are
// not part of the public properties but are used by the TPM in managing the object. An
// OBJECT_ATTRIBUTES is used in the definition of the OBJECT data type.
//
typedef struct
{
unsigned publicOnly : 1; //0) SET if only the public portion of
// an object is loaded
unsigned epsHierarchy : 1; //1) SET if the object belongs to EPS
// Hierarchy
unsigned ppsHierarchy : 1; //2) SET if the object belongs to PPS
// Hierarchy
unsigned spsHierarchy : 1; //3) SET f the object belongs to SPS
// Hierarchy
unsigned evict : 1; //4) SET if the object is a platform or
// owner evict object. Platform-
// evict object belongs to PPS
// hierarchy, owner-evict object
// belongs to SPS or EPS hierarchy.
// This bit is also used to mark a
// completed sequence object so it
// will be flush when the
// SequenceComplete command succeeds.
unsigned primary : 1; //5) SET for a primary object
unsigned temporary : 1;
//6) SET for a temporary object
unsigned stClear : 1;
//7) SET for an stClear object
unsigned hmacSeq : 1;
//8) SET for an HMAC sequence object
unsigned hashSeq : 1;
//9) SET for a hash sequence object
unsigned eventSeq : 1;
//10) SET for an event sequence object
unsigned ticketSafe : 1;
//11) SET if a ticket is safe to create
// for hash sequence object
unsigned firstBlock : 1; //12) SET if the first block of hash
// data has been received. It
// works with ticketSafe bit
unsigned isParent : 1; //13) SET if the key has the proper
// attributes to be a parent key
unsigned privateExp : 1; //14) SET when the private exponent
// of an RSA key has been validated.
unsigned reserved : 1; //15) reserved bits. unused.
} OBJECT_ATTRIBUTES;
//
//
// OBJECT Structure
//
// An OBJECT structure holds the object public, sensitive, and meta-data associated. This structure is
// implementation dependent. For this implementation, the structure is not optimized for space but rather for
// clarity of the reference implementation. Other implementations may choose to overlap portions of the
// structure that are not used simultaneously. These changes would necessitate changes to the source code
// but those changes would be compatible with the reference implementation.
//
typedef struct
{
// The attributes field is required to be first followed by the publicArea.
// This allows the overlay of the object structure and a sequence structure
OBJECT_ATTRIBUTES attributes; // object attributes
TPMT_PUBLIC publicArea; // public area of an object
TPMT_SENSITIVE sensitive; // sensitive area of an object
#ifdef TPM_ALG_RSA
TPM2B_PUBLIC_KEY_RSA privateExponent; // Additional field for the private
// exponent of an RSA key.
#endif
TPM2B_NAME qualifiedName; // object qualified name
TPMI_DH_OBJECT evictHandle; // if the object is an evict object,
// the original handle is kept here.
// The 'working' handle will be the
// handle of an object slot.
TPM2B_NAME name; // Name of the object name. Kept here
// to avoid repeatedly computing it.
} OBJECT;
#ifdef EMBEDDED_MODE
// This build time assert serves as a rudimentary check for changes
// to the OBJECT structure (which is serialized to NVmem). Whenever
// the OBJECT struct changes, NV_FORMAT_VERSION ought to be bumped.
struct size_check { char a[sizeof(OBJECT) == 1536 ? 1 : -1]; };
#endif
//
//
// HASH_OBJECT Structure
//
// This structure holds a hash sequence object or an event sequence object.
// The first four components of this structure are manually set to be the same as the first four components of
// the object structure. This prevents the object from being inadvertently misused as sequence objects
// occupy the same memory as a regular object. A debug check is present to make sure that the offsets are
// what they are supposed to be.
//
typedef struct
{
OBJECT_ATTRIBUTES attributes; // The attributes of the HASH object
TPMI_ALG_PUBLIC type; // algorithm
TPMI_ALG_HASH nameAlg; // name algorithm
TPMA_OBJECT objectAttributes; // object attributes
// The data below is unique to a sequence object
TPM2B_AUTH auth; // auth for use of sequence
union
{
HASH_STATE hashState[HASH_COUNT];
HMAC_STATE hmacState;
} state;
} HASH_OBJECT;
//
//
// ANY_OBJECT
//
// This is the union for holding either a sequence object or a regular object.
//
typedef union
{
OBJECT entity;
HASH_OBJECT hash;
} ANY_OBJECT;
//
//
// AUTH_DUP Types
//
// These values are used in the authorization processing.
//
typedef UINT32 AUTH_ROLE;
#define AUTH_NONE ((AUTH_ROLE)(0))
#define AUTH_USER ((AUTH_ROLE)(1))
#define AUTH_ADMIN ((AUTH_ROLE)(2))
#define AUTH_DUP ((AUTH_ROLE)(3))
//
//
// Active Session Context
//
// Description
//
// The structures in this section define the internal structure of a session context.
//
// SESSION_ATTRIBUTES
//
// The attributes in the SESSION_ATTRIBUTES structure track the various properties of the session. It
// maintains most of the tracking state information for the policy session. It is used within the SESSION
// structure.
//
typedef struct
{
unsigned isPolicy : 1; //1) SET if the session may only
// be used for policy
unsigned isAudit : 1; //2) SET if the session is used
// for audit
unsigned isBound : 1; //3) SET if the session is bound to
// with an entity.
// This attribute will be CLEAR if
// either isPolicy or isAudit is SET.
unsigned iscpHashDefined : 1;//4) SET if the cpHash has been defined
// This attribute is not SET unless
// 'isPolicy' is SET.
unsigned isAuthValueNeeded : 1;
//5) SET if the authValue is required
// for computing the session HMAC.
// This attribute is not SET unless
// isPolicy is SET.
unsigned isPasswordNeeded : 1;
//6) SET if a password authValue is
// required for authorization
// This attribute is not SET unless
// isPolicy is SET.
unsigned isPPRequired : 1; //7) SET if physical presence is
// required to be asserted when the
// authorization is checked.
// This attribute is not SET unless
// isPolicy is SET.
unsigned isTrialPolicy : 1; //8) SET if the policy session is
// created for trial of the policy's
// policyHash generation.
// This attribute is not SET unless
// isPolicy is SET.
unsigned isDaBound : 1; //9) SET if the bind entity had noDA
// CLEAR. If this is SET, then an
// auth failure using this session
// will count against lockout even
// if the object being authorized is
// exempt from DA.
unsigned isLockoutBound : 1; //10)SET if the session is bound to
// lockoutAuth.
unsigned requestWasBound : 1;//11) SET if the session is being used
// with the bind entity. If SET
// the authValue will not be use
// in the response HMAC computation.
unsigned checkNvWritten : 1; //12) SET if the TPMA_NV_WRITTEN
// attribute needs to be checked
// when the policy is used for
// authorization for NV access.
// If this is SET for any other
// type, the policy will fail.
unsigned nvWrittenState : 1; //13) SET if TPMA_NV_WRITTEN is
// required to be SET.
} SESSION_ATTRIBUTES;
//
//
// SESSION Structure
//
// The SESSION structure contains all the context of a session except for the associated contextID.
//
// NOTE: The contextID of a session is only relevant when the session context is stored off the TPM.
//
typedef struct
{
TPM_ALG_ID authHashAlg; // session hash algorithm
TPM2B_NONCE nonceTPM; // last TPM-generated nonce for
// this session
TPMT_SYM_DEF symmetric; // session symmetric algorithm (if any)
TPM2B_AUTH sessionKey; // session secret value used for
// generating HMAC and encryption keys
SESSION_ATTRIBUTES attributes; // session attributes
TPM_CC commandCode; // command code (policy session)
TPMA_LOCALITY commandLocality; // command locality (policy session)
UINT32 pcrCounter; // PCR counter value when PCR is
// included (policy session)
// If no PCR is included, this
// value is 0.
UINT64 startTime; // value of TPMS_CLOCK_INFO.clock when
// the session was started (policy
//
// session)
UINT64 timeOut; // timeout relative to
// TPMS_CLOCK_INFO.clock
// There is no timeout if this value
// is 0.
union
{
TPM2B_NAME boundEntity; // value used to track the entity to
// which the session is bound
TPM2B_DIGEST cpHash; // the required cpHash value for the
// command being authorized
} u1; // 'boundEntity' and 'cpHash' may
// share the same space to save memory
union
{
TPM2B_DIGEST auditDigest; // audit session digest
TPM2B_DIGEST policyDigest; // policyHash
} u2; // audit log and policyHash may
// share space to save memory
} SESSION;
//
//
// PCR
//
// PCR_SAVE Structure
//
// The PCR_SAVE structure type contains the PCR data that are saved across power cycles. Only the static
// PCR are required to be saved across power cycles. The DRTM and resettable PCR are not saved. The
// number of static and resettable PCR is determined by the platform-specific specification to which the TPM
// is built.
//
typedef struct
{
#ifdef TPM_ALG_SHA1
BYTE sha1[NUM_STATIC_PCR][SHA1_DIGEST_SIZE];
#endif
#ifdef TPM_ALG_SHA256
BYTE sha256[NUM_STATIC_PCR][SHA256_DIGEST_SIZE];
#endif
#ifdef TPM_ALG_SHA384
BYTE sha384[NUM_STATIC_PCR][SHA384_DIGEST_SIZE];
#endif
#ifdef TPM_ALG_SHA512
BYTE sha512[NUM_STATIC_PCR][SHA512_DIGEST_SIZE];
#endif
#ifdef TPM_ALG_SM3_256
BYTE sm3_256[NUM_STATIC_PCR][SM3_256_DIGEST_SIZE];
#endif
// This counter increments whenever the PCR are updated.
// NOTE: A platform-specific specification may designate
// certain PCR changes as not causing this counter
// to increment.
UINT32 pcrCounter;
} PCR_SAVE;
//
//
//
// PCR_POLICY
//
// This structure holds the PCR policies, one for each group of PCR controlled by policy.
//
typedef struct
{
TPMI_ALG_HASH hashAlg[NUM_POLICY_PCR_GROUP];
TPM2B_DIGEST a;
TPM2B_DIGEST policy[NUM_POLICY_PCR_GROUP];
} PCR_POLICY;
//
//
// PCR_AUTHVALUE
//
// This structure holds the PCR policies, one for each group of PCR controlled by policy.
//
typedef struct
{
TPM2B_DIGEST auth[NUM_AUTHVALUE_PCR_GROUP];
} PCR_AUTHVALUE;
//
//
// Startup
//
// SHUTDOWN_NONE
//
// Part 2 defines the two shutdown/startup types that may be used in TPM2_Shutdown() and
// TPM2_Starup(). This additional define is used by the TPM to indicate that no shutdown was received.
//
// NOTE: This is a reserved value.
//
#define SHUTDOWN_NONE (TPM_SU)(0xFFFF)
//
//
// STARTUP_TYPE
//
// This enumeration is the possible startup types. The type is determined by the combination of
// TPM2_ShutDown() and TPM2_Startup().
//
typedef enum
{
SU_RESET,
SU_RESTART,
SU_RESUME
} STARTUP_TYPE;
//
//
// NV
//
// NV_RESERVE
//
// This enumeration defines the master list of the elements of a reserved portion of NV. This list includes all
// the pre-defined data that takes space in NV, either as persistent data or as state save data. The
// enumerations are used as indexes into an array of offset values. The offset values then are used to index
// into NV. This is method provides an imperfect analog to an actual NV implementation.
//
typedef enum
{
// Entries below mirror the PERSISTENT_DATA structure. These values are written
// to NV as individual items.
// hierarchy
NV_DISABLE_CLEAR,
NV_OWNER_ALG,
NV_ENDORSEMENT_ALG,
NV_LOCKOUT_ALG,
NV_OWNER_POLICY,
NV_ENDORSEMENT_POLICY,
NV_LOCKOUT_POLICY,
NV_OWNER_AUTH,
NV_ENDORSEMENT_AUTH,
NV_LOCKOUT_AUTH,
NV_EP_SEED,
NV_SP_SEED,
NV_PP_SEED,
NV_PH_PROOF,
NV_SH_PROOF,
NV_EH_PROOF,
// Time
NV_TOTAL_RESET_COUNT,
NV_RESET_COUNT,
// PCR
NV_PCR_POLICIES,
NV_PCR_ALLOCATED,
// Physical Presence
NV_PP_LIST,
// Dictionary Attack
NV_FAILED_TRIES,
NV_MAX_TRIES,
NV_RECOVERY_TIME,
NV_LOCKOUT_RECOVERY,
NV_LOCKOUT_AUTH_ENABLED,
// Orderly State flag
NV_ORDERLY,
// Command Audit
NV_AUDIT_COMMANDS,
NV_AUDIT_HASH_ALG,
NV_AUDIT_COUNTER,
// Algorithm Set
NV_ALGORITHM_SET,
NV_FIRMWARE_V1,
NV_FIRMWARE_V2,
// The entries above are in PERSISTENT_DATA. The entries below represent
// structures that are read and written as a unit.
// ORDERLY_DATA data structure written on each orderly shutdown
NV_ORDERLY_DATA,
// STATE_CLEAR_DATA structure written on each Shutdown(STATE)
NV_STATE_CLEAR,
// STATE_RESET_DATA structure written on each Shutdown(STATE)
NV_STATE_RESET,
NV_RESERVE_LAST // end of NV reserved data list
} NV_RESERVE;
//
// NV_INDEX
//
// The NV_INDEX structure defines the internal format for an NV index. The indexData size varies
// according to the type of the index. In this implementation, all of the index is manipulated as a unit.
//
typedef struct
{
TPMS_NV_PUBLIC publicArea;
TPM2B_AUTH authValue;
} NV_INDEX;
//
//
// COMMIT_INDEX_MASK
//
// This is the define for the mask value that is used when manipulating the bits in the commit bit array. The
// commit counter is a 64-bit value and the low order bits are used to index the commitArray. This mask
// value is applied to the commit counter to extract the bit number in the array.
//
#ifdef TPM_ALG_ECC
#define COMMIT_INDEX_MASK ((UINT16)((sizeof(gr.commitArray)*8)-1))
#endif
//
//
// RAM Global Values
//
// Description
//
// The values in this section are only extant in RAM. They are defined here and instanced in Global.c.
//
// g_rcIndex
//
// This array is used to contain the array of values that are added to a return code when it is a parameter-,
// handle-, or session-related error. This is an implementation choice and the same result can be achieved
// by using a macro.
//
extern const UINT16 g_rcIndex[15];
//
//
// g_exclusiveAuditSession
//
// This location holds the session handle for the current exclusive audit session. If there is no exclusive
// audit session, the location is set to TPM_RH_UNASSIGNED.
//
extern TPM_HANDLE g_exclusiveAuditSession;
//
//
// g_time
//
// This value is the count of milliseconds since the TPM was powered up. This value is initialized at
// _TPM_Init().
//
extern UINT64 g_time;
//
//
// g_phEnable
//
// This is the platform hierarchy control and determines if the platform hierarchy is available. This value is
// SET on each TPM2_Startup(). The default value is SET.
//
extern BOOL g_phEnable;
// g_pceReConfig
//
// This value is SET if a TPM2_PCR_Allocate() command successfully executed since the last
// TPM2_Startup(). If so, then the next shutdown is required to be Shutdown(CLEAR).
//
extern BOOL g_pcrReConfig;
//
//
// g_DRTMHandle
//
// This location indicates the sequence object handle that holds the DRTM sequence data. When not used,
// it is set to TPM_RH_UNASSIGNED. A sequence DRTM sequence is started on either _TPM_Init() or
// _TPM_Hash_Start().
//
extern TPMI_DH_OBJECT g_DRTMHandle;
//
//
// g_DrtmPreStartup
//
// This value indicates that an H-CRTM occurred after _TPM_Init() but before TPM2_Startup(). The define
// for PRE_STARTUP_FLAG is used to add the g_DrtmPreStartup value to gp_orderlyState at shutdown.
// This hack is to avoid adding another NV variable.
//
extern BOOL g_DrtmPreStartup;
#define PRE_STARTUP_FLAG 0x8000
//
//
// g_StartupLocality3
//
// This value indicates that a TPM2_Startup() occured at locality 3. Otherwise, it at locality 0. The define for
// STARTUP_LOCALITY_3 is to indicate that the startup was not at locality 0. This hack is to avoid adding
// another NV variable.
//
extern BOOL g_StartupLocality3;
#define STARTUP_LOCALITY_3 0x4000
//
//
// g_updateNV
//
// This flag indicates if NV should be updated at the end of a command. This flag is set to FALSE at the
// beginning of each command in ExecuteCommand(). This flag is checked in ExecuteCommand() after the
// detailed actions of a command complete. If the command execution was successful and this flag is SET,
// any pending NV writes will be committed to NV.
//
extern BOOL g_updateNV;
//
//
// g_clearOrderly
//
// This flag indicates if the execution of a command should cause the orderly state to be cleared. This flag
// is set to FALSE at the beginning of each command in ExecuteCommand() and is checked in
// ExecuteCommand() after the detailed actions of a command complete but before the check of
// g_updateNV. If this flag is TRUE, and the orderly state is not SHUTDOWN_NONE, then the orderly state
// in NV memory will be changed to SHUTDOWN_NONE.
//
extern BOOL g_clearOrderly;
//
//
//
// g_prevOrderlyState
//
// This location indicates how the TPM was shut down before the most recent TPM2_Startup(). This value,
// along with the startup type, determines if the TPM should do a TPM Reset, TPM Restart, or TPM
// Resume.
//
extern TPM_SU g_prevOrderlyState;
//
//
// g_nvOk
//
// This value indicates if the NV integrity check was successful or not. If not and the failure was severe, then
// the TPM would have been put into failure mode after it had been re-manufactured. If the NV failure was in
// the area where the state-save data is kept, then this variable will have a value of FALSE indicating that a
// TPM2_Startup(CLEAR) is required.
//
extern BOOL g_nvOk;
//
//
// g_platformUnique
//
// This location contains the unique value(s) used to identify the TPM. It is loaded on every
// _TPM2_Startup() The first value is used to seed the RNG. The second value is used as a vendor
// authValue. The value used by the RNG would be the value derived from the chip unique value (such as
// fused) with a dependency on the authorities of the code in the TPM boot path. The second would be
// derived from the chip unique value with a dependency on the details of the code in the boot path. That is,
// the first value depends on the various signers of the code and the second depends on what was signed.
// The TPM vendor should not be able to know the first value but they are expected to know the second.
//
extern TPM2B_AUTH g_platformUniqueAuthorities; // Reserved for RNG
extern TPM2B_AUTH g_platformUniqueDetails; // referenced by VENDOR_PERMANENT
//
//
// Persistent Global Values
//
// Description
//
// The values in this section are global values that are persistent across power events. The lifetime of the
// values determines the structure in which the value is placed.
//
// PERSISTENT_DATA
//
// This structure holds the persistent values that only change as a consequence of a specific Protected
// Capability and are not affected by TPM power events (TPM2_Startup() or TPM2_Shutdown().
//
typedef struct
{
//*********************************************************************************
// Hierarchy
//*********************************************************************************
// The values in this section are related to the hierarchies.
BOOL disableClear; // TRUE if TPM2_Clear() using
// lockoutAuth is disabled
// Hierarchy authPolicies
TPMI_ALG_HASH ownerAlg;
TPMI_ALG_HASH endorsementAlg;
TPMI_ALG_HASH lockoutAlg;
TPM2B_DIGEST ownerPolicy;
TPM2B_DIGEST endorsementPolicy;
TPM2B_DIGEST lockoutPolicy;
// Hierarchy authValues
TPM2B_AUTH ownerAuth;
TPM2B_AUTH endorsementAuth;
TPM2B_AUTH lockoutAuth;
// Primary Seeds
TPM2B_SEED EPSeed;
TPM2B_SEED SPSeed;
TPM2B_SEED PPSeed;
// Note there is a nullSeed in the state_reset memory.
// Hierarchy proofs
TPM2B_AUTH phProof;
TPM2B_AUTH shProof;
TPM2B_AUTH ehProof;
// Note there is a nullProof in the state_reset memory.
//*********************************************************************************
// Reset Events
//*********************************************************************************
// A count that increments at each TPM reset and never get reset during the life
// time of TPM. The value of this counter is initialized to 1 during TPM
// manufacture process.
UINT64 totalResetCount;
// This counter increments on each TPM Reset. The counter is reset by
// TPM2_Clear().
UINT32 resetCount;
//*********************************************************************************
// PCR
//*********************************************************************************
// This structure hold the policies for those PCR that have an update policy.
// This implementation only supports a single group of PCR controlled by
// policy. If more are required, then this structure would be changed to
// an array.
PCR_POLICY pcrPolicies;
// This structure indicates the allocation of PCR. The structure contains a
// list of PCR allocations for each implemented algorithm. If no PCR are
// allocated for an algorithm, a list entry still exists but the bit map
// will contain no SET bits.
TPML_PCR_SELECTION pcrAllocated;
//*********************************************************************************
// Physical Presence
//*********************************************************************************
// The PP_LIST type contains a bit map of the commands that require physical
// to be asserted when the authorization is evaluated. Physical presence will be
// checked if the corresponding bit in the array is SET and if the authorization
// handle is TPM_RH_PLATFORM.
//
// These bits may be changed with TPM2_PP_Commands().
BYTE ppList[((TPM_CC_PP_LAST - TPM_CC_PP_FIRST + 1) + 7)/8];
//*********************************************************************************
// Dictionary attack values
//*********************************************************************************
// These values are used for dictionary attack tracking and control.
UINT32 failedTries; // the current count of unexpired
// authorization failures
UINT32 maxTries; // number of unexpired authorization
// failures before the TPM is in
// lockout
UINT32 recoveryTime; // time between authorization failures
// before failedTries is decremented
UINT32 lockoutRecovery; // time that must expire between
// authorization failures associated
// with lockoutAuth
BOOL lockOutAuthEnabled; // TRUE if use of lockoutAuth is
// allowed
//*****************************************************************************
// Orderly State
//*****************************************************************************
// The orderly state for current cycle
TPM_SU orderlyState;
//*****************************************************************************
// Command audit values.
//*****************************************************************************
BYTE auditComands[((TPM_CC_LAST - TPM_CC_FIRST + 1) + 7) / 8];
TPMI_ALG_HASH auditHashAlg;
UINT64 auditCounter;
//*****************************************************************************
// Algorithm selection
//*****************************************************************************
//
// The 'algorithmSet' value indicates the collection of algorithms that are
// currently in used on the TPM. The interpretation of value is vendor dependent.
UINT32 algorithmSet;
//*****************************************************************************
// Firmware version
//*****************************************************************************
// The firmwareV1 and firmwareV2 values are instanced in TimeStamp.c. This is
// a scheme used in development to allow determination of the linker build time
// of the TPM. An actual implementation would implement these values in a way that
// is consistent with vendor needs. The values are maintained in RAM for simplified
// access with a master version in NV. These values are modified in a
// vendor-specific way.
// g_firmwareV1 contains the more significant 32-bits of the vendor version number.
// In the reference implementation, if this value is printed as a hex
// value, it will have the format of yyyymmdd
UINT32 firmwareV1;
// g_firmwareV1 contains the less significant 32-bits of the vendor version number.
// In the reference implementation, if this value is printed as a hex
// value, it will have the format of 00 hh mm ss
UINT32 firmwareV2;
} PERSISTENT_DATA;
extern PERSISTENT_DATA gp;
//
//
// ORDERLY_DATA
//
// The data in this structure is saved to NV on each TPM2_Shutdown().
//
typedef struct orderly_data
{
//
//*****************************************************************************
// TIME
//*****************************************************************************
// Clock has two parts. One is the state save part and one is the NV part. The
// state save version is updated on each command. When the clock rolls over, the
// NV version is updated. When the TPM starts up, if the TPM was shutdown in and
// orderly way, then the sClock value is used to initialize the clock. If the
// TPM shutdown was not orderly, then the persistent value is used and the safe
// attribute is clear.
UINT64 clock; // The orderly version of clock
TPMI_YES_NO clockSafe; // Indicates if the clock value is
// safe.
//*********************************************************************************
// DRBG
//*********************************************************************************
#ifdef _DRBG_STATE_SAVE
// This is DRBG state data. This is saved each time the value of clock is
// updated.
DRBG_STATE drbgState;
#endif
} ORDERLY_DATA;
extern ORDERLY_DATA go;
//
//
// STATE_CLEAR_DATA
//
// This structure contains the data that is saved on Shutdown(STATE). and restored on Startup(STATE).
// The values are set to their default settings on any Startup(Clear). In other words the data is only
// persistent across TPM Resume.
// If the comments associated with a parameter indicate a default reset value, the value is applied on each
// Startup(CLEAR).
//
typedef struct state_clear_data
{
//*****************************************************************************
// Hierarchy Control
//*****************************************************************************
BOOL shEnable; // default reset is SET
BOOL ehEnable; // default reset is SET
BOOL phEnableNV; // default reset is SET
TPMI_ALG_HASH platformAlg; // default reset is TPM_ALG_NULL
TPM2B_DIGEST platformPolicy; // default reset is an Empty Buffer
TPM2B_AUTH platformAuth; // default reset is an Empty Buffer
//*****************************************************************************
// PCR
//*****************************************************************************
// The set of PCR to be saved on Shutdown(STATE)
PCR_SAVE pcrSave; // default reset is 0...0
// This structure hold the authorization values for those PCR that have an
// update authorization.
// This implementation only supports a single group of PCR controlled by
// authorization. If more are required, then this structure would be changed to
// an array.
PCR_AUTHVALUE pcrAuthValues;
} STATE_CLEAR_DATA;
extern STATE_CLEAR_DATA gc;
//
//
//
// State Reset Data
//
// This structure contains data is that is saved on Shutdown(STATE) and restored on the subsequent
// Startup(ANY). That is, the data is preserved across TPM Resume and TPM Restart.
// If a default value is specified in the comments this value is applied on TPM Reset.
//
typedef struct state_reset_data
{
//*****************************************************************************
// Hierarchy Control
//*****************************************************************************
TPM2B_AUTH nullProof; // The proof value associated with
// the TPM_RH_NULL hierarchy. The
// default reset value is from the RNG.
TPM2B_SEED nullSeed; // The seed value for the TPM_RN_NULL
// hierarchy. The default reset value
// is from the RNG.
//*****************************************************************************
// Context
//*****************************************************************************
// The 'clearCount' counter is incremented each time the TPM successfully executes
// a TPM Resume. The counter is included in each saved context that has 'stClear'
// SET (including descendants of keys that have 'stClear' SET). This prevents these
// objects from being loaded after a TPM Resume.
// If 'clearCount' at its maximum value when the TPM receives a Shutdown(STATE),
// the TPM will return TPM_RC_RANGE and the TPM will only accept Shutdown(CLEAR).
UINT32 clearCount; // The default reset value is 0.
UINT64 objectContextID; // This is the context ID for a saved
// object context. The default reset
// value is 0.
CONTEXT_SLOT contextArray[MAX_ACTIVE_SESSIONS];
// This is the value from which the
// 'contextID' is derived. The
// default reset value is {0}.
CONTEXT_COUNTER contextCounter; // This array contains contains the
// values used to track the version
// numbers of saved contexts (see
// Session.c in for details). The
// default reset value is 0.
//*****************************************************************************
// Command Audit
//*****************************************************************************
// When an audited command completes, ExecuteCommand() checks the return
// value. If it is TPM_RC_SUCCESS, and the command is an audited command, the
// TPM will extend the cpHash and rpHash for the command to this value. If this
// digest was the Zero Digest before the cpHash was extended, the audit counter
// is incremented.
TPM2B_DIGEST commandAuditDigest; // This value is set to an Empty Digest
// by TPM2_GetCommandAuditDigest() or a
// TPM Reset.
//*****************************************************************************
// Boot counter
//*****************************************************************************
UINT32 restartCount; // This counter counts TPM Restarts.
// The default reset value is 0.
//
//*********************************************************************************
// PCR
//*********************************************************************************
// This counter increments whenever the PCR are updated. This counter is preserved
// across TPM Resume even though the PCR are not preserved. This is because
// sessions remain active across TPM Restart and the count value in the session
// is compared to this counter so this counter must have values that are unique
// as long as the sessions are active.
// NOTE: A platform-specific specification may designate that certain PCR changes
// do not increment this counter to increment.
UINT32 pcrCounter; // The default reset value is 0.
#ifdef TPM_ALG_ECC
//*****************************************************************************
// ECDAA
//*****************************************************************************
UINT64 commitCounter; // This counter increments each time
// TPM2_Commit() returns
// TPM_RC_SUCCESS. The default reset
// value is 0.
TPM2B_NONCE commitNonce; // This random value is used to compute
// the commit values. The default reset
// value is from the RNG.
// This implementation relies on the number of bits in g_commitArray being a
// power of 2 (8, 16, 32, 64, etc.) and no greater than 64K.
BYTE commitArray[16]; // The default reset value is {0}.
#endif //TPM_ALG_ECC
} STATE_RESET_DATA;
extern STATE_RESET_DATA gr;
//
//
// Global Macro Definitions
//
// This macro is used to ensure that a handle, session, or parameter number is only added if the response
// code is FMT1.
//
#define RcSafeAddToResult(r, v) \
((r) + (((r) & RC_FMT1) ? (v) : 0))
//
// This macro is used when a parameter is not otherwise referenced in a function. This macro is normally
// not used by itself but is paired with a pAssert() within a #ifdef pAssert. If pAssert is not defined, then a
// parameter might not otherwise be referenced. This macro uses the parameter from the perspective of the
// compiler so it doesn't complain.
//
#define UNREFERENCED(a) ((void)(a))
//
//
// Private data
//
#if defined SESSION_PROCESS_C || defined GLOBAL_C || defined MANUFACTURE_C
//
// From SessionProcess.c
// The following arrays are used to save command sessions information so that the command
// handle/session buffer does not have to be preserved for the duration of the command. These arrays are
// indexed by the session index in accordance with the order of sessions in the session area of the
// command.
//
// Array of the authorization session handles
//
extern TPM_HANDLE s_sessionHandles[MAX_SESSION_NUM];
//
// Array of authorization session attributes
//
extern TPMA_SESSION s_attributes[MAX_SESSION_NUM];
//
// Array of handles authorized by the corresponding authorization sessions; and if none, then
// TPM_RH_UNASSIGNED value is used
//
extern TPM_HANDLE s_associatedHandles[MAX_SESSION_NUM];
//
// Array of nonces provided by the caller for the corresponding sessions
//
extern TPM2B_NONCE s_nonceCaller[MAX_SESSION_NUM];
//
// Array of authorization values (HMAC's or passwords) for the corresponding sessions
//
extern TPM2B_AUTH s_inputAuthValues[MAX_SESSION_NUM];
//
// Special value to indicate an undefined session index
//
#define UNDEFINED_INDEX (0xFFFF)
//
// Index of the session used for encryption of a response parameter
//
extern UINT32 s_encryptSessionIndex;
//
// Index of the session used for decryption of a command parameter
//
extern UINT32 s_decryptSessionIndex;
//
// Index of a session used for audit
//
extern UINT32 s_auditSessionIndex;
//
// The cpHash for an audit session
//
extern TPM2B_DIGEST s_cpHashForAudit;
//
// The cpHash for command audit
//
#ifdef TPM_CC_GetCommandAuditDigest
extern TPM2B_DIGEST s_cpHashForCommandAudit;
#endif
//
// Number of authorization sessions present in the command
//
extern UINT32 s_sessionNum;
//
// Flag indicating if NV update is pending for the lockOutAuthEnabled or failedTries DA parameter
//
extern BOOL s_DAPendingOnNV;
#endif // SESSION_PROCESS_C
#if defined DA_C || defined GLOBAL_C || defined MANUFACTURE_C
//
// From DA.c
//
// This variable holds the accumulated time since the last time that failedTries was decremented. This value
// is in millisecond.
//
extern UINT64 s_selfHealTimer;
//
// This variable holds the accumulated time that the lockoutAuth has been blocked.
//
extern UINT64 s_lockoutTimer;
#endif // DA_C
#if defined NV_C || defined GLOBAL_C
//
// From NV.c
// List of pre-defined address of reserved data
//
extern UINT32 s_reservedAddr[NV_RESERVE_LAST];
//
// List of pre-defined reserved data size in byte
//
extern UINT32 s_reservedSize[NV_RESERVE_LAST];
//
// Size of data in RAM index buffer
//
extern UINT32 s_ramIndexSize;
//
// Reserved RAM space for frequently updated NV Index. The data layout in ram buffer is {NV_handle(),
// size of data, data} for each NV index data stored in RAM
//
extern BYTE s_ramIndex[RAM_INDEX_SPACE];
//
// Address of size of RAM index space in NV
//
extern UINT32 s_ramIndexSizeAddr;
//
// Address of NV copy of RAM index space
//
extern UINT32 s_ramIndexAddr;
//
// Address of maximum counter value; an auxiliary variable to implement NV counters
//
extern UINT32 s_maxCountAddr;
//
// Beginning of NV dynamic area; starts right after the s_maxCountAddr and s_evictHandleMapAddr
// variables
//
extern UINT32 s_evictNvStart;
//
// Beginning of NV dynamic area; also the beginning of the predefined reserved data area.
//
extern UINT32 s_evictNvEnd;
//
// NV availability is sampled as the start of each command and stored here so that its value remains
// consistent during the command execution
//
extern TPM_RC s_NvStatus;
#endif
#if defined OBJECT_C || defined GLOBAL_C
//
// From Object.c
//
// This type is the container for an object.
//
typedef struct
{
BOOL occupied;
ANY_OBJECT object;
} OBJECT_SLOT;
//
// This is the memory that holds the loaded objects.
//
extern OBJECT_SLOT s_objects[MAX_LOADED_OBJECTS];
#endif // OBJECT_C
#if defined PCR_C || defined GLOBAL_C
//
// From PCR.c
//
typedef struct
{
#ifdef TPM_ALG_SHA1
// SHA1 PCR
BYTE sha1Pcr[SHA1_DIGEST_SIZE];
#endif
#ifdef TPM_ALG_SHA256
// SHA256 PCR
BYTE sha256Pcr[SHA256_DIGEST_SIZE];
#endif
#ifdef TPM_ALG_SHA384
// SHA384 PCR
BYTE sha384Pcr[SHA384_DIGEST_SIZE];
#endif
#ifdef TPM_ALG_SHA512
// SHA512 PCR
BYTE sha512Pcr[SHA512_DIGEST_SIZE];
#endif
#ifdef TPM_ALG_SM3_256
// SHA256 PCR
BYTE sm3_256Pcr[SM3_256_DIGEST_SIZE];
#endif
} PCR;
typedef struct
{
unsigned int stateSave : 1; // if the PCR value should be
// saved in state save
unsigned int resetLocality : 5; // The locality that the PCR
// can be reset
unsigned int extendLocality : 5; // The locality that the PCR
// can be extend
} PCR_Attributes;
extern PCR s_pcrs[IMPLEMENTATION_PCR];
#endif // PCR_C
#if defined SESSION_C || defined GLOBAL_C
//
// From Session.c
// Container for HMAC or policy session tracking information
//
typedef struct
{
BOOL occupied;
SESSION session; // session structure
} SESSION_SLOT;
extern SESSION_SLOT s_sessions[MAX_LOADED_SESSIONS];
//
//
//
//
// The index in conextArray that has the value of the oldest saved session context. When no context is
// saved, this will have a value that is greater than or equal to MAX_ACTIVE_SESSIONS.
//
extern UINT32 s_oldestSavedSession;
//
// The number of available session slot openings. When this is 1, a session can't be created or loaded if the
// GAP is maxed out. The exception is that the oldest saved session context can always be loaded
// (assuming that there is a space in memory to put it)
//
extern int s_freeSessionSlots;
#endif // SESSION_C
//
// From Manufacture.c
//
extern BOOL g_manufactured;
#if defined POWER_C || defined GLOBAL_C
//
// From Power.c
// This value indicates if a TPM2_Startup() commands has been receive since the power on event. This
// flag is maintained in power simulation module because this is the only place that may reliably set this flag
// to FALSE.
//
extern BOOL s_initialized;
#endif // POWER_C
#if defined MEMORY_LIB_C || defined GLOBAL_C
//
// The s_actionOutputBuffer should not be modifiable by the host system until the TPM has returned a
// response code. The s_actionOutputBuffer should not be accessible until response parameter encryption,
// if any, is complete.
//
extern UINT32 s_actionInputBuffer[1024]; // action input buffer
extern UINT32 s_actionOutputBuffer[1024]; // action output buffer
extern BYTE s_responseBuffer[MAX_RESPONSE_SIZE];// response buffer
#endif // MEMORY_LIB_C
//
// From TPMFail.c
// This value holds the address of the string containing the name of the function in which the failure
// occurred. This address value isn't useful for anything other than helping the vendor to know in which file
// the failure occurred.
//
#ifndef EMBEDDED_MODE
extern jmp_buf g_jumpBuffer; // the jump buffer
#endif
extern BOOL g_inFailureMode; // Indicates that the TPM is in failure mode
extern BOOL g_forceFailureMode; // flag to force failure mode during test
#if defined TPM_FAIL_C || defined GLOBAL_C || 1
extern UINT32 s_failFunction;
extern UINT32 s_failLine; // the line in the file at which
// the error was signaled
extern UINT32 s_failCode; // the error code used
#endif // TPM_FAIL_C
#endif // GLOBAL_H
|
