Vadim Bendebury | 5679752 | 2015-05-20 10:32:25 -0700 | [diff] [blame] | 1 | // This file was extracted from the TCG Published |
| 2 | // Trusted Platform Module Library |
| 3 | // Part 4: Supporting Routines |
| 4 | // Family "2.0" |
| 5 | // Level 00 Revision 01.16 |
| 6 | // October 30, 2014 |
| 7 | |
| 8 | #ifndef GLOBAL_H |
| 9 | #define GLOBAL_H |
| 10 | //#define SELF_TEST |
| 11 | #include "TpmBuildSwitches.h" |
| 12 | #include "Tpm.h" |
| 13 | #include "TPMB.h" |
| 14 | #include "CryptoEngine.h" |
| 15 | #include <setjmp.h> |
| 16 | // |
| 17 | // |
| 18 | // |
| 19 | // Defines and Types |
| 20 | // |
| 21 | // Unreferenced Parameter |
| 22 | // |
| 23 | // This define is used to eliminate the compiler warning about an unreferenced parameter. Basically, it tells |
| 24 | // the compiler that it is not an accident that the parameter is unreferenced. |
| 25 | // |
| 26 | #ifndef UNREFERENCED_PARAMETER |
| 27 | # define UNREFERENCED_PARAMETER(a) (a) |
| 28 | #endif |
| 29 | #include "bits.h" |
| 30 | // |
| 31 | // |
| 32 | // Crypto Self-Test Values |
| 33 | // |
| 34 | // Define these values here if the AlgorithmTests() project is not used |
| 35 | // |
| 36 | #ifndef SELF_TEST |
| 37 | extern ALGORITHM_VECTOR g_implementedAlgorithms; |
| 38 | extern ALGORITHM_VECTOR g_toTest; |
| 39 | #else |
| 40 | LIB_IMPORT extern ALGORITHM_VECTOR g_implementedAlgorithms; |
| 41 | LIB_IMPORT extern ALGORITHM_VECTOR g_toTest; |
| 42 | #endif |
| 43 | // |
| 44 | // These macros are used in CryptUtil() to invoke the incremental self test. |
| 45 | // |
| 46 | #define TEST(alg) if(TEST_BIT(alg, g_toTest)) CryptTestAlgorithm(alg, NULL) |
| 47 | // |
| 48 | // Use of TPM_ALG_NULL is reserved for RSAEP/RSADP testing. If someone is wanting to test a hash with |
| 49 | // that value, don't do it. |
| 50 | // |
| 51 | #define TEST_HASH(alg) \ |
| 52 | if( TEST_BIT(alg, g_toTest) \ |
| 53 | && (alg != ALG_NULL_VALUE)) \ |
| 54 | CryptTestAlgorithm(alg, NULL) |
| 55 | // |
| 56 | // |
| 57 | // Hash and HMAC State Structures |
| 58 | // |
| 59 | // These definitions are for the types that can be in a hash state structure. These types are used in the |
| 60 | // crypto utilities |
| 61 | // |
| 62 | typedef BYTE HASH_STATE_TYPE; |
| 63 | #define HASH_STATE_EMPTY ((HASH_STATE_TYPE) 0) |
| 64 | #define HASH_STATE_HASH ((HASH_STATE_TYPE) 1) |
| 65 | #define HASH_STATE_HMAC ((HASH_STATE_TYPE) 2) |
| 66 | // |
| 67 | // A HASH_STATE structure contains an opaque hash stack state. A caller would use this structure when |
| 68 | // performing incremental hash operations. The state is updated on each call. If type is an HMAC_STATE, |
| 69 | // or HMAC_STATE_SEQUENCE then state is followed by the HMAC key in oPad format. |
| 70 | // |
| 71 | typedef struct |
| 72 | { |
| 73 | CPRI_HASH_STATE state; // hash state |
| 74 | HASH_STATE_TYPE type; // type of the context |
| 75 | } HASH_STATE; |
| 76 | // |
| 77 | // |
| 78 | // |
| 79 | // |
| 80 | // An HMAC_STATE structure contains an opaque HMAC stack state. A caller would use this structure |
| 81 | // when performing incremental HMAC operations. This structure contains a hash state and an HMAC key |
| 82 | // and allows slightly better stack optimization than adding an HMAC key to each hash state. |
| 83 | // |
| 84 | typedef struct |
| 85 | { |
| 86 | HASH_STATE hashState; // the hash state |
| 87 | TPM2B_HASH_BLOCK hmacKey; // the HMAC key |
| 88 | } HMAC_STATE; |
| 89 | // |
| 90 | // |
| 91 | // Other Types |
| 92 | // |
| 93 | // An AUTH_VALUE is a BYTE array containing a digest (TPMU_HA) |
| 94 | // |
| 95 | typedef BYTE AUTH_VALUE[sizeof(TPMU_HA)]; |
| 96 | // |
| 97 | // A TIME_INFO is a BYTE array that can contain a TPMS_TIME_INFO |
| 98 | // |
| 99 | typedef BYTE TIME_INFO[sizeof(TPMS_TIME_INFO)]; |
| 100 | // |
| 101 | // A NAME is a BYTE array that can contain a TPMU_NAME |
| 102 | // |
| 103 | typedef BYTE NAME[sizeof(TPMU_NAME)]; |
| 104 | // |
| 105 | // |
| 106 | // Loaded Object Structures |
| 107 | // |
| 108 | // Description |
| 109 | // |
| 110 | // The structures in this section define the object layout as it exists in TPM memory. |
| 111 | // Two types of objects are defined: an ordinary object such as a key, and a sequence object that may be a |
| 112 | // hash, HMAC, or event. |
| 113 | // |
| 114 | // OBJECT_ATTRIBUTES |
| 115 | // |
| 116 | // An OBJECT_ATTRIBUTES structure contains the variable attributes of an object. These properties are |
| 117 | // not part of the public properties but are used by the TPM in managing the object. An |
| 118 | // OBJECT_ATTRIBUTES is used in the definition of the OBJECT data type. |
| 119 | // |
| 120 | typedef struct |
| 121 | { |
| 122 | unsigned publicOnly : 1; //0) SET if only the public portion of |
| 123 | // an object is loaded |
| 124 | unsigned epsHierarchy : 1; //1) SET if the object belongs to EPS |
| 125 | // Hierarchy |
| 126 | unsigned ppsHierarchy : 1; //2) SET if the object belongs to PPS |
| 127 | // Hierarchy |
| 128 | unsigned spsHierarchy : 1; //3) SET f the object belongs to SPS |
| 129 | // Hierarchy |
| 130 | unsigned evict : 1; //4) SET if the object is a platform or |
| 131 | // owner evict object. Platform- |
| 132 | // evict object belongs to PPS |
| 133 | // hierarchy, owner-evict object |
| 134 | // belongs to SPS or EPS hierarchy. |
| 135 | // This bit is also used to mark a |
| 136 | // completed sequence object so it |
| 137 | // will be flush when the |
| 138 | // SequenceComplete command succeeds. |
| 139 | unsigned primary : 1; //5) SET for a primary object |
| 140 | unsigned temporary : 1; |
| 141 | //6) SET for a temporary object |
| 142 | unsigned stClear : 1; |
| 143 | //7) SET for an stClear object |
| 144 | unsigned hmacSeq : 1; |
| 145 | //8) SET for an HMAC sequence object |
| 146 | unsigned hashSeq : 1; |
| 147 | //9) SET for a hash sequence object |
| 148 | unsigned eventSeq : 1; |
| 149 | //10) SET for an event sequence object |
| 150 | unsigned ticketSafe : 1; |
| 151 | //11) SET if a ticket is safe to create |
| 152 | // for hash sequence object |
| 153 | unsigned firstBlock : 1; //12) SET if the first block of hash |
| 154 | // data has been received. It |
| 155 | // works with ticketSafe bit |
| 156 | unsigned isParent : 1; //13) SET if the key has the proper |
| 157 | // attributes to be a parent key |
| 158 | unsigned privateExp : 1; //14) SET when the private exponent |
| 159 | // of an RSA key has been validated. |
| 160 | unsigned reserved : 1; //15) reserved bits. unused. |
| 161 | } OBJECT_ATTRIBUTES; |
| 162 | // |
| 163 | // |
| 164 | // OBJECT Structure |
| 165 | // |
| 166 | // An OBJECT structure holds the object public, sensitive, and meta-data associated. This structure is |
| 167 | // implementation dependent. For this implementation, the structure is not optimized for space but rather for |
| 168 | // clarity of the reference implementation. Other implementations may choose to overlap portions of the |
| 169 | // structure that are not used simultaneously. These changes would necessitate changes to the source code |
| 170 | // but those changes would be compatible with the reference implementation. |
| 171 | // |
| 172 | typedef struct |
| 173 | { |
| 174 | // The attributes field is required to be first followed by the publicArea. |
| 175 | // This allows the overlay of the object structure and a sequence structure |
| 176 | OBJECT_ATTRIBUTES attributes; // object attributes |
| 177 | TPMT_PUBLIC publicArea; // public area of an object |
| 178 | TPMT_SENSITIVE sensitive; // sensitive area of an object |
| 179 | #ifdef TPM_ALG_RSA |
| 180 | TPM2B_PUBLIC_KEY_RSA privateExponent; // Additional field for the private |
| 181 | // exponent of an RSA key. |
| 182 | #endif |
| 183 | TPM2B_NAME qualifiedName; // object qualified name |
| 184 | TPMI_DH_OBJECT evictHandle; // if the object is an evict object, |
| 185 | // the original handle is kept here. |
| 186 | // The 'working' handle will be the |
| 187 | // handle of an object slot. |
| 188 | TPM2B_NAME name; // Name of the object name. Kept here |
| 189 | // to avoid repeatedly computing it. |
| 190 | } OBJECT; |
| 191 | // |
| 192 | // |
| 193 | // HASH_OBJECT Structure |
| 194 | // |
| 195 | // This structure holds a hash sequence object or an event sequence object. |
| 196 | // The first four components of this structure are manually set to be the same as the first four components of |
| 197 | // the object structure. This prevents the object from being inadvertently misused as sequence objects |
| 198 | // occupy the same memory as a regular object. A debug check is present to make sure that the offsets are |
| 199 | // what they are supposed to be. |
| 200 | // |
| 201 | typedef struct |
| 202 | { |
| 203 | OBJECT_ATTRIBUTES attributes; // The attributes of the HASH object |
| 204 | TPMI_ALG_PUBLIC type; // algorithm |
| 205 | TPMI_ALG_HASH nameAlg; // name algorithm |
| 206 | TPMA_OBJECT objectAttributes; // object attributes |
| 207 | // The data below is unique to a sequence object |
| 208 | TPM2B_AUTH auth; // auth for use of sequence |
| 209 | union |
| 210 | { |
| 211 | HASH_STATE hashState[HASH_COUNT]; |
| 212 | HMAC_STATE hmacState; |
| 213 | } state; |
| 214 | } HASH_OBJECT; |
| 215 | // |
| 216 | // |
| 217 | // ANY_OBJECT |
| 218 | // |
| 219 | // This is the union for holding either a sequence object or a regular object. |
| 220 | // |
| 221 | typedef union |
| 222 | { |
| 223 | OBJECT entity; |
| 224 | HASH_OBJECT hash; |
| 225 | } ANY_OBJECT; |
| 226 | // |
| 227 | // |
| 228 | // AUTH_DUP Types |
| 229 | // |
| 230 | // These values are used in the authorization processing. |
| 231 | // |
| 232 | typedef UINT32 AUTH_ROLE; |
| 233 | #define AUTH_NONE ((AUTH_ROLE)(0)) |
| 234 | #define AUTH_USER ((AUTH_ROLE)(1)) |
| 235 | #define AUTH_ADMIN ((AUTH_ROLE)(2)) |
| 236 | #define AUTH_DUP ((AUTH_ROLE)(3)) |
| 237 | // |
| 238 | // |
| 239 | // Active Session Context |
| 240 | // |
| 241 | // Description |
| 242 | // |
| 243 | // The structures in this section define the internal structure of a session context. |
| 244 | // |
| 245 | // SESSION_ATTRIBUTES |
| 246 | // |
| 247 | // The attributes in the SESSION_ATTRIBUTES structure track the various properties of the session. It |
| 248 | // maintains most of the tracking state information for the policy session. It is used within the SESSION |
| 249 | // structure. |
| 250 | // |
| 251 | typedef struct |
| 252 | { |
| 253 | unsigned isPolicy : 1; //1) SET if the session may only |
| 254 | // be used for policy |
| 255 | unsigned isAudit : 1; //2) SET if the session is used |
| 256 | // for audit |
| 257 | unsigned isBound : 1; //3) SET if the session is bound to |
| 258 | // with an entity. |
| 259 | // This attribute will be CLEAR if |
| 260 | // either isPolicy or isAudit is SET. |
| 261 | unsigned iscpHashDefined : 1;//4) SET if the cpHash has been defined |
| 262 | // This attribute is not SET unless |
| 263 | // 'isPolicy' is SET. |
| 264 | unsigned isAuthValueNeeded : 1; |
| 265 | //5) SET if the authValue is required |
| 266 | // for computing the session HMAC. |
| 267 | // This attribute is not SET unless |
| 268 | // isPolicy is SET. |
| 269 | unsigned isPasswordNeeded : 1; |
| 270 | //6) SET if a password authValue is |
| 271 | // required for authorization |
| 272 | // This attribute is not SET unless |
| 273 | // isPolicy is SET. |
| 274 | unsigned isPPRequired : 1; //7) SET if physical presence is |
| 275 | // required to be asserted when the |
| 276 | // authorization is checked. |
| 277 | // This attribute is not SET unless |
| 278 | // isPolicy is SET. |
| 279 | unsigned isTrialPolicy : 1; //8) SET if the policy session is |
| 280 | // created for trial of the policy's |
| 281 | // policyHash generation. |
| 282 | // This attribute is not SET unless |
| 283 | // isPolicy is SET. |
| 284 | unsigned isDaBound : 1; //9) SET if the bind entity had noDA |
| 285 | // CLEAR. If this is SET, then an |
| 286 | // auth failure using this session |
| 287 | // will count against lockout even |
| 288 | // if the object being authorized is |
| 289 | // exempt from DA. |
| 290 | unsigned isLockoutBound : 1; //10)SET if the session is bound to |
| 291 | // lockoutAuth. |
| 292 | unsigned requestWasBound : 1;//11) SET if the session is being used |
| 293 | // with the bind entity. If SET |
| 294 | // the authValue will not be use |
| 295 | // in the response HMAC computation. |
| 296 | unsigned checkNvWritten : 1; //12) SET if the TPMA_NV_WRITTEN |
| 297 | // attribute needs to be checked |
| 298 | // when the policy is used for |
| 299 | // authorization for NV access. |
| 300 | // If this is SET for any other |
| 301 | // type, the policy will fail. |
| 302 | unsigned nvWrittenState : 1; //13) SET if TPMA_NV_WRITTEN is |
| 303 | // required to be SET. |
| 304 | } SESSION_ATTRIBUTES; |
| 305 | // |
| 306 | // |
| 307 | // SESSION Structure |
| 308 | // |
| 309 | // The SESSION structure contains all the context of a session except for the associated contextID. |
| 310 | // |
| 311 | // NOTE: The contextID of a session is only relevant when the session context is stored off the TPM. |
| 312 | // |
| 313 | typedef struct |
| 314 | { |
| 315 | TPM_ALG_ID authHashAlg; // session hash algorithm |
| 316 | TPM2B_NONCE nonceTPM; // last TPM-generated nonce for |
| 317 | // this session |
| 318 | TPMT_SYM_DEF symmetric; // session symmetric algorithm (if any) |
| 319 | TPM2B_AUTH sessionKey; // session secret value used for |
| 320 | // generating HMAC and encryption keys |
| 321 | SESSION_ATTRIBUTES attributes; // session attributes |
| 322 | TPM_CC commandCode; // command code (policy session) |
| 323 | TPMA_LOCALITY commandLocality; // command locality (policy session) |
| 324 | UINT32 pcrCounter; // PCR counter value when PCR is |
| 325 | // included (policy session) |
| 326 | // If no PCR is included, this |
| 327 | // value is 0. |
| 328 | UINT64 startTime; // value of TPMS_CLOCK_INFO.clock when |
| 329 | // the session was started (policy |
| 330 | // |
| 331 | // session) |
| 332 | UINT64 timeOut; // timeout relative to |
| 333 | // TPMS_CLOCK_INFO.clock |
| 334 | // There is no timeout if this value |
| 335 | // is 0. |
| 336 | union |
| 337 | { |
| 338 | TPM2B_NAME boundEntity; // value used to track the entity to |
| 339 | // which the session is bound |
| 340 | TPM2B_DIGEST cpHash; // the required cpHash value for the |
| 341 | // command being authorized |
| 342 | } u1; // 'boundEntity' and 'cpHash' may |
| 343 | // share the same space to save memory |
| 344 | union |
| 345 | { |
| 346 | TPM2B_DIGEST auditDigest; // audit session digest |
| 347 | TPM2B_DIGEST policyDigest; // policyHash |
| 348 | } u2; // audit log and policyHash may |
| 349 | // share space to save memory |
| 350 | } SESSION; |
| 351 | // |
| 352 | // |
| 353 | // PCR |
| 354 | // |
| 355 | // PCR_SAVE Structure |
| 356 | // |
| 357 | // The PCR_SAVE structure type contains the PCR data that are saved across power cycles. Only the static |
| 358 | // PCR are required to be saved across power cycles. The DRTM and resettable PCR are not saved. The |
| 359 | // number of static and resettable PCR is determined by the platform-specific specification to which the TPM |
| 360 | // is built. |
| 361 | // |
| 362 | typedef struct |
| 363 | { |
| 364 | #ifdef TPM_ALG_SHA1 |
| 365 | BYTE sha1[NUM_STATIC_PCR][SHA1_DIGEST_SIZE]; |
| 366 | #endif |
| 367 | #ifdef TPM_ALG_SHA256 |
| 368 | BYTE sha256[NUM_STATIC_PCR][SHA256_DIGEST_SIZE]; |
| 369 | #endif |
| 370 | #ifdef TPM_ALG_SHA384 |
| 371 | BYTE sha384[NUM_STATIC_PCR][SHA384_DIGEST_SIZE]; |
| 372 | #endif |
| 373 | #ifdef TPM_ALG_SHA512 |
| 374 | BYTE sha512[NUM_STATIC_PCR][SHA512_DIGEST_SIZE]; |
| 375 | #endif |
| 376 | #ifdef TPM_ALG_SM3_256 |
| 377 | BYTE sm3_256[NUM_STATIC_PCR][SM3_256_DIGEST_SIZE]; |
| 378 | #endif |
| 379 | // This counter increments whenever the PCR are updated. |
| 380 | // NOTE: A platform-specific specification may designate |
| 381 | // certain PCR changes as not causing this counter |
| 382 | // to increment. |
| 383 | UINT32 pcrCounter; |
| 384 | } PCR_SAVE; |
| 385 | // |
| 386 | // |
| 387 | // |
| 388 | // PCR_POLICY |
| 389 | // |
| 390 | // This structure holds the PCR policies, one for each group of PCR controlled by policy. |
| 391 | // |
| 392 | typedef struct |
| 393 | { |
| 394 | TPMI_ALG_HASH hashAlg[NUM_POLICY_PCR_GROUP]; |
| 395 | TPM2B_DIGEST a; |
| 396 | TPM2B_DIGEST policy[NUM_POLICY_PCR_GROUP]; |
| 397 | } PCR_POLICY; |
| 398 | // |
| 399 | // |
| 400 | // PCR_AUTHVALUE |
| 401 | // |
| 402 | // This structure holds the PCR policies, one for each group of PCR controlled by policy. |
| 403 | // |
| 404 | typedef struct |
| 405 | { |
| 406 | TPM2B_DIGEST auth[NUM_AUTHVALUE_PCR_GROUP]; |
| 407 | } PCR_AUTHVALUE; |
| 408 | // |
| 409 | // |
| 410 | // Startup |
| 411 | // |
| 412 | // SHUTDOWN_NONE |
| 413 | // |
| 414 | // Part 2 defines the two shutdown/startup types that may be used in TPM2_Shutdown() and |
| 415 | // TPM2_Starup(). This additional define is used by the TPM to indicate that no shutdown was received. |
| 416 | // |
| 417 | // NOTE: This is a reserved value. |
| 418 | // |
| 419 | #define SHUTDOWN_NONE (TPM_SU)(0xFFFF) |
| 420 | // |
| 421 | // |
| 422 | // STARTUP_TYPE |
| 423 | // |
| 424 | // This enumeration is the possible startup types. The type is determined by the combination of |
| 425 | // TPM2_ShutDown() and TPM2_Startup(). |
| 426 | // |
| 427 | typedef enum |
| 428 | { |
| 429 | SU_RESET, |
| 430 | SU_RESTART, |
| 431 | SU_RESUME |
| 432 | } STARTUP_TYPE; |
| 433 | // |
| 434 | // |
| 435 | // NV |
| 436 | // |
| 437 | // NV_RESERVE |
| 438 | // |
| 439 | // This enumeration defines the master list of the elements of a reserved portion of NV. This list includes all |
| 440 | // the pre-defined data that takes space in NV, either as persistent data or as state save data. The |
| 441 | // enumerations are used as indexes into an array of offset values. The offset values then are used to index |
| 442 | // into NV. This is method provides an imperfect analog to an actual NV implementation. |
| 443 | // |
| 444 | typedef enum |
| 445 | { |
| 446 | // Entries below mirror the PERSISTENT_DATA structure. These values are written |
| 447 | // to NV as individual items. |
| 448 | // hierarchy |
| 449 | NV_DISABLE_CLEAR, |
| 450 | NV_OWNER_ALG, |
| 451 | NV_ENDORSEMENT_ALG, |
| 452 | NV_LOCKOUT_ALG, |
| 453 | NV_OWNER_POLICY, |
| 454 | NV_ENDORSEMENT_POLICY, |
| 455 | NV_LOCKOUT_POLICY, |
| 456 | NV_OWNER_AUTH, |
| 457 | NV_ENDORSEMENT_AUTH, |
| 458 | NV_LOCKOUT_AUTH, |
| 459 | NV_EP_SEED, |
| 460 | NV_SP_SEED, |
| 461 | NV_PP_SEED, |
| 462 | NV_PH_PROOF, |
| 463 | NV_SH_PROOF, |
| 464 | NV_EH_PROOF, |
| 465 | // Time |
| 466 | NV_TOTAL_RESET_COUNT, |
| 467 | NV_RESET_COUNT, |
| 468 | // PCR |
| 469 | NV_PCR_POLICIES, |
| 470 | NV_PCR_ALLOCATED, |
| 471 | // Physical Presence |
| 472 | NV_PP_LIST, |
| 473 | // Dictionary Attack |
| 474 | NV_FAILED_TRIES, |
| 475 | NV_MAX_TRIES, |
| 476 | NV_RECOVERY_TIME, |
| 477 | NV_LOCKOUT_RECOVERY, |
| 478 | NV_LOCKOUT_AUTH_ENABLED, |
| 479 | // Orderly State flag |
| 480 | NV_ORDERLY, |
| 481 | // Command Audit |
| 482 | NV_AUDIT_COMMANDS, |
| 483 | NV_AUDIT_HASH_ALG, |
| 484 | NV_AUDIT_COUNTER, |
| 485 | // Algorithm Set |
| 486 | NV_ALGORITHM_SET, |
| 487 | NV_FIRMWARE_V1, |
| 488 | NV_FIRMWARE_V2, |
| 489 | // The entries above are in PERSISTENT_DATA. The entries below represent |
| 490 | // structures that are read and written as a unit. |
| 491 | // ORDERLY_DATA data structure written on each orderly shutdown |
| 492 | NV_ORDERLY_DATA, |
| 493 | // STATE_CLEAR_DATA structure written on each Shutdown(STATE) |
| 494 | NV_STATE_CLEAR, |
| 495 | // STATE_RESET_DATA structure written on each Shutdown(STATE) |
| 496 | NV_STATE_RESET, |
| 497 | NV_RESERVE_LAST // end of NV reserved data list |
| 498 | } NV_RESERVE; |
| 499 | // |
| 500 | // NV_INDEX |
| 501 | // |
| 502 | // The NV_INDEX structure defines the internal format for an NV index. The indexData size varies |
| 503 | // according to the type of the index. In this implementation, all of the index is manipulated as a unit. |
| 504 | // |
| 505 | typedef struct |
| 506 | { |
| 507 | TPMS_NV_PUBLIC publicArea; |
| 508 | TPM2B_AUTH authValue; |
| 509 | } NV_INDEX; |
| 510 | // |
| 511 | // |
| 512 | // COMMIT_INDEX_MASK |
| 513 | // |
| 514 | // This is the define for the mask value that is used when manipulating the bits in the commit bit array. The |
| 515 | // commit counter is a 64-bit value and the low order bits are used to index the commitArray. This mask |
| 516 | // value is applied to the commit counter to extract the bit number in the array. |
| 517 | // |
| 518 | #ifdef TPM_ALG_ECC |
| 519 | #define COMMIT_INDEX_MASK ((UINT16)((sizeof(gr.commitArray)*8)-1)) |
| 520 | #endif |
| 521 | // |
| 522 | // |
| 523 | // RAM Global Values |
| 524 | // |
| 525 | // Description |
| 526 | // |
| 527 | // The values in this section are only extant in RAM. They are defined here and instanced in Global.c. |
| 528 | // |
| 529 | // g_rcIndex |
| 530 | // |
| 531 | // This array is used to contain the array of values that are added to a return code when it is a parameter-, |
| 532 | // handle-, or session-related error. This is an implementation choice and the same result can be achieved |
| 533 | // by using a macro. |
| 534 | // |
| 535 | extern const UINT16 g_rcIndex[15]; |
| 536 | // |
| 537 | // |
| 538 | // g_exclusiveAuditSession |
| 539 | // |
| 540 | // This location holds the session handle for the current exclusive audit session. If there is no exclusive |
| 541 | // audit session, the location is set to TPM_RH_UNASSIGNED. |
| 542 | // |
| 543 | extern TPM_HANDLE g_exclusiveAuditSession; |
| 544 | // |
| 545 | // |
| 546 | // g_time |
| 547 | // |
| 548 | // This value is the count of milliseconds since the TPM was powered up. This value is initialized at |
| 549 | // _TPM_Init(). |
| 550 | // |
| 551 | extern UINT64 g_time; |
| 552 | // |
| 553 | // |
| 554 | // g_phEnable |
| 555 | // |
| 556 | // This is the platform hierarchy control and determines if the platform hierarchy is available. This value is |
| 557 | // SET on each TPM2_Startup(). The default value is SET. |
| 558 | // |
| 559 | extern BOOL g_phEnable; |
| 560 | // g_pceReConfig |
| 561 | // |
| 562 | // This value is SET if a TPM2_PCR_Allocate() command successfully executed since the last |
| 563 | // TPM2_Startup(). If so, then the next shutdown is required to be Shutdown(CLEAR). |
| 564 | // |
| 565 | extern BOOL g_pcrReConfig; |
| 566 | // |
| 567 | // |
| 568 | // g_DRTMHandle |
| 569 | // |
| 570 | // This location indicates the sequence object handle that holds the DRTM sequence data. When not used, |
| 571 | // it is set to TPM_RH_UNASSIGNED. A sequence DRTM sequence is started on either _TPM_Init() or |
| 572 | // _TPM_Hash_Start(). |
| 573 | // |
| 574 | extern TPMI_DH_OBJECT g_DRTMHandle; |
| 575 | // |
| 576 | // |
| 577 | // g_DrtmPreStartup |
| 578 | // |
| 579 | // This value indicates that an H-CRTM occurred after _TPM_Init() but before TPM2_Startup(). The define |
| 580 | // for PRE_STARTUP_FLAG is used to add the g_DrtmPreStartup value to gp_orderlyState at shutdown. |
| 581 | // This hack is to avoid adding another NV variable. |
| 582 | // |
| 583 | extern BOOL g_DrtmPreStartup; |
| 584 | #define PRE_STARTUP_FLAG 0x8000 |
| 585 | // |
| 586 | // |
| 587 | // g_StartupLocality3 |
| 588 | // |
| 589 | // This value indicates that a TPM2_Startup() occured at locality 3. Otherwise, it at locality 0. The define for |
| 590 | // STARTUP_LOCALITY_3 is to indicate that the startup was not at locality 0. This hack is to avoid adding |
| 591 | // another NV variable. |
| 592 | // |
| 593 | extern BOOL g_StartupLocality3; |
| 594 | #define STARTUP_LOCALITY_3 0x4000 |
| 595 | // |
| 596 | // |
| 597 | // g_updateNV |
| 598 | // |
| 599 | // This flag indicates if NV should be updated at the end of a command. This flag is set to FALSE at the |
| 600 | // beginning of each command in ExecuteCommand(). This flag is checked in ExecuteCommand() after the |
| 601 | // detailed actions of a command complete. If the command execution was successful and this flag is SET, |
| 602 | // any pending NV writes will be committed to NV. |
| 603 | // |
| 604 | extern BOOL g_updateNV; |
| 605 | // |
| 606 | // |
| 607 | // g_clearOrderly |
| 608 | // |
| 609 | // This flag indicates if the execution of a command should cause the orderly state to be cleared. This flag |
| 610 | // is set to FALSE at the beginning of each command in ExecuteCommand() and is checked in |
| 611 | // ExecuteCommand() after the detailed actions of a command complete but before the check of |
| 612 | // g_updateNV. If this flag is TRUE, and the orderly state is not SHUTDOWN_NONE, then the orderly state |
| 613 | // in NV memory will be changed to SHUTDOWN_NONE. |
| 614 | // |
| 615 | extern BOOL g_clearOrderly; |
| 616 | // |
| 617 | // |
| 618 | // |
| 619 | // g_prevOrderlyState |
| 620 | // |
| 621 | // This location indicates how the TPM was shut down before the most recent TPM2_Startup(). This value, |
| 622 | // along with the startup type, determines if the TPM should do a TPM Reset, TPM Restart, or TPM |
| 623 | // Resume. |
| 624 | // |
| 625 | extern TPM_SU g_prevOrderlyState; |
| 626 | // |
| 627 | // |
| 628 | // g_nvOk |
| 629 | // |
| 630 | // This value indicates if the NV integrity check was successful or not. If not and the failure was severe, then |
| 631 | // the TPM would have been put into failure mode after it had been re-manufactured. If the NV failure was in |
| 632 | // the area where the state-save data is kept, then this variable will have a value of FALSE indicating that a |
| 633 | // TPM2_Startup(CLEAR) is required. |
| 634 | // |
| 635 | extern BOOL g_nvOk; |
| 636 | // |
| 637 | // |
| 638 | // g_platformUnique |
| 639 | // |
| 640 | // This location contains the unique value(s) used to identify the TPM. It is loaded on every |
| 641 | // _TPM2_Startup() The first value is used to seed the RNG. The second value is used as a vendor |
| 642 | // authValue. The value used by the RNG would be the value derived from the chip unique value (such as |
| 643 | // fused) with a dependency on the authorities of the code in the TPM boot path. The second would be |
| 644 | // derived from the chip unique value with a dependency on the details of the code in the boot path. That is, |
| 645 | // the first value depends on the various signers of the code and the second depends on what was signed. |
| 646 | // The TPM vendor should not be able to know the first value but they are expected to know the second. |
| 647 | // |
| 648 | extern TPM2B_AUTH g_platformUniqueAuthorities; // Reserved for RNG |
| 649 | extern TPM2B_AUTH g_platformUniqueDetails; // referenced by VENDOR_PERMANENT |
| 650 | // |
| 651 | // |
| 652 | // Persistent Global Values |
| 653 | // |
| 654 | // Description |
| 655 | // |
| 656 | // The values in this section are global values that are persistent across power events. The lifetime of the |
| 657 | // values determines the structure in which the value is placed. |
| 658 | // |
| 659 | // PERSISTENT_DATA |
| 660 | // |
| 661 | // This structure holds the persistent values that only change as a consequence of a specific Protected |
| 662 | // Capability and are not affected by TPM power events (TPM2_Startup() or TPM2_Shutdown(). |
| 663 | // |
| 664 | typedef struct |
| 665 | { |
| 666 | //********************************************************************************* |
| 667 | // Hierarchy |
| 668 | //********************************************************************************* |
| 669 | // The values in this section are related to the hierarchies. |
| 670 | BOOL disableClear; // TRUE if TPM2_Clear() using |
| 671 | // lockoutAuth is disabled |
| 672 | // Hierarchy authPolicies |
| 673 | TPMI_ALG_HASH ownerAlg; |
| 674 | TPMI_ALG_HASH endorsementAlg; |
| 675 | TPMI_ALG_HASH lockoutAlg; |
| 676 | TPM2B_DIGEST ownerPolicy; |
| 677 | TPM2B_DIGEST endorsementPolicy; |
| 678 | TPM2B_DIGEST lockoutPolicy; |
| 679 | // Hierarchy authValues |
| 680 | TPM2B_AUTH ownerAuth; |
| 681 | TPM2B_AUTH endorsementAuth; |
| 682 | TPM2B_AUTH lockoutAuth; |
| 683 | // Primary Seeds |
| 684 | TPM2B_SEED EPSeed; |
| 685 | TPM2B_SEED SPSeed; |
| 686 | TPM2B_SEED PPSeed; |
| 687 | // Note there is a nullSeed in the state_reset memory. |
| 688 | // Hierarchy proofs |
| 689 | TPM2B_AUTH phProof; |
| 690 | TPM2B_AUTH shProof; |
| 691 | TPM2B_AUTH ehProof; |
| 692 | // Note there is a nullProof in the state_reset memory. |
| 693 | //********************************************************************************* |
| 694 | // Reset Events |
| 695 | //********************************************************************************* |
| 696 | // A count that increments at each TPM reset and never get reset during the life |
| 697 | // time of TPM. The value of this counter is initialized to 1 during TPM |
| 698 | // manufacture process. |
| 699 | UINT64 totalResetCount; |
| 700 | // This counter increments on each TPM Reset. The counter is reset by |
| 701 | // TPM2_Clear(). |
| 702 | UINT32 resetCount; |
| 703 | //********************************************************************************* |
| 704 | // PCR |
| 705 | //********************************************************************************* |
| 706 | // This structure hold the policies for those PCR that have an update policy. |
| 707 | // This implementation only supports a single group of PCR controlled by |
| 708 | // policy. If more are required, then this structure would be changed to |
| 709 | // an array. |
| 710 | PCR_POLICY pcrPolicies; |
| 711 | // This structure indicates the allocation of PCR. The structure contains a |
| 712 | // list of PCR allocations for each implemented algorithm. If no PCR are |
| 713 | // allocated for an algorithm, a list entry still exists but the bit map |
| 714 | // will contain no SET bits. |
| 715 | TPML_PCR_SELECTION pcrAllocated; |
| 716 | //********************************************************************************* |
| 717 | // Physical Presence |
| 718 | //********************************************************************************* |
| 719 | // The PP_LIST type contains a bit map of the commands that require physical |
| 720 | // to be asserted when the authorization is evaluated. Physical presence will be |
| 721 | // checked if the corresponding bit in the array is SET and if the authorization |
| 722 | // handle is TPM_RH_PLATFORM. |
| 723 | // |
| 724 | // These bits may be changed with TPM2_PP_Commands(). |
| 725 | BYTE ppList[((TPM_CC_PP_LAST - TPM_CC_PP_FIRST + 1) + 7)/8]; |
| 726 | //********************************************************************************* |
| 727 | // Dictionary attack values |
| 728 | //********************************************************************************* |
| 729 | // These values are used for dictionary attack tracking and control. |
| 730 | UINT32 failedTries; // the current count of unexpired |
| 731 | // authorization failures |
| 732 | UINT32 maxTries; // number of unexpired authorization |
| 733 | // failures before the TPM is in |
| 734 | // lockout |
| 735 | UINT32 recoveryTime; // time between authorization failures |
| 736 | // before failedTries is decremented |
| 737 | UINT32 lockoutRecovery; // time that must expire between |
| 738 | // authorization failures associated |
| 739 | // with lockoutAuth |
| 740 | BOOL lockOutAuthEnabled; // TRUE if use of lockoutAuth is |
| 741 | // allowed |
| 742 | //***************************************************************************** |
| 743 | // Orderly State |
| 744 | //***************************************************************************** |
| 745 | // The orderly state for current cycle |
| 746 | TPM_SU orderlyState; |
| 747 | //***************************************************************************** |
| 748 | // Command audit values. |
| 749 | //***************************************************************************** |
| 750 | BYTE auditComands[((TPM_CC_LAST - TPM_CC_FIRST + 1) + 7) / 8]; |
| 751 | TPMI_ALG_HASH auditHashAlg; |
| 752 | UINT64 auditCounter; |
| 753 | //***************************************************************************** |
| 754 | // Algorithm selection |
| 755 | //***************************************************************************** |
| 756 | // |
| 757 | // The 'algorithmSet' value indicates the collection of algorithms that are |
| 758 | // currently in used on the TPM. The interpretation of value is vendor dependent. |
| 759 | UINT32 algorithmSet; |
| 760 | //***************************************************************************** |
| 761 | // Firmware version |
| 762 | //***************************************************************************** |
| 763 | // The firmwareV1 and firmwareV2 values are instanced in TimeStamp.c. This is |
| 764 | // a scheme used in development to allow determination of the linker build time |
| 765 | // of the TPM. An actual implementation would implement these values in a way that |
| 766 | // is consistent with vendor needs. The values are maintained in RAM for simplified |
| 767 | // access with a master version in NV. These values are modified in a |
| 768 | // vendor-specific way. |
| 769 | // g_firmwareV1 contains the more significant 32-bits of the vendor version number. |
| 770 | // In the reference implementation, if this value is printed as a hex |
| 771 | // value, it will have the format of yyyymmdd |
| 772 | UINT32 firmwareV1; |
| 773 | // g_firmwareV1 contains the less significant 32-bits of the vendor version number. |
| 774 | // In the reference implementation, if this value is printed as a hex |
| 775 | // value, it will have the format of 00 hh mm ss |
| 776 | UINT32 firmwareV2; |
| 777 | } PERSISTENT_DATA; |
| 778 | extern PERSISTENT_DATA gp; |
| 779 | // |
| 780 | // |
| 781 | // ORDERLY_DATA |
| 782 | // |
| 783 | // The data in this structure is saved to NV on each TPM2_Shutdown(). |
| 784 | // |
| 785 | typedef struct orderly_data |
| 786 | { |
| 787 | // |
| 788 | //***************************************************************************** |
| 789 | // TIME |
| 790 | //***************************************************************************** |
| 791 | // Clock has two parts. One is the state save part and one is the NV part. The |
| 792 | // state save version is updated on each command. When the clock rolls over, the |
| 793 | // NV version is updated. When the TPM starts up, if the TPM was shutdown in and |
| 794 | // orderly way, then the sClock value is used to initialize the clock. If the |
| 795 | // TPM shutdown was not orderly, then the persistent value is used and the safe |
| 796 | // attribute is clear. |
| 797 | UINT64 clock; // The orderly version of clock |
| 798 | TPMI_YES_NO clockSafe; // Indicates if the clock value is |
| 799 | // safe. |
| 800 | //********************************************************************************* |
| 801 | // DRBG |
| 802 | //********************************************************************************* |
| 803 | #ifdef _DRBG_STATE_SAVE |
| 804 | // This is DRBG state data. This is saved each time the value of clock is |
| 805 | // updated. |
| 806 | DRBG_STATE drbgState; |
| 807 | #endif |
| 808 | } ORDERLY_DATA; |
| 809 | extern ORDERLY_DATA go; |
| 810 | // |
| 811 | // |
| 812 | // STATE_CLEAR_DATA |
| 813 | // |
| 814 | // This structure contains the data that is saved on Shutdown(STATE). and restored on Startup(STATE). |
| 815 | // The values are set to their default settings on any Startup(Clear). In other words the data is only |
| 816 | // persistent across TPM Resume. |
| 817 | // If the comments associated with a parameter indicate a default reset value, the value is applied on each |
| 818 | // Startup(CLEAR). |
| 819 | // |
| 820 | typedef struct state_clear_data |
| 821 | { |
| 822 | //***************************************************************************** |
| 823 | // Hierarchy Control |
| 824 | //***************************************************************************** |
| 825 | BOOL shEnable; // default reset is SET |
| 826 | BOOL ehEnable; // default reset is SET |
| 827 | BOOL phEnableNV; // default reset is SET |
| 828 | TPMI_ALG_HASH platformAlg; // default reset is TPM_ALG_NULL |
| 829 | TPM2B_DIGEST platformPolicy; // default reset is an Empty Buffer |
| 830 | TPM2B_AUTH platformAuth; // default reset is an Empty Buffer |
| 831 | //***************************************************************************** |
| 832 | // PCR |
| 833 | //***************************************************************************** |
| 834 | // The set of PCR to be saved on Shutdown(STATE) |
| 835 | PCR_SAVE pcrSave; // default reset is 0...0 |
| 836 | // This structure hold the authorization values for those PCR that have an |
| 837 | // update authorization. |
| 838 | // This implementation only supports a single group of PCR controlled by |
| 839 | // authorization. If more are required, then this structure would be changed to |
| 840 | // an array. |
| 841 | PCR_AUTHVALUE pcrAuthValues; |
| 842 | } STATE_CLEAR_DATA; |
| 843 | extern STATE_CLEAR_DATA gc; |
| 844 | // |
| 845 | // |
| 846 | // |
| 847 | // State Reset Data |
| 848 | // |
| 849 | // This structure contains data is that is saved on Shutdown(STATE) and restored on the subsequent |
| 850 | // Startup(ANY). That is, the data is preserved across TPM Resume and TPM Restart. |
| 851 | // If a default value is specified in the comments this value is applied on TPM Reset. |
| 852 | // |
| 853 | typedef struct state_reset_data |
| 854 | { |
| 855 | //***************************************************************************** |
| 856 | // Hierarchy Control |
| 857 | //***************************************************************************** |
| 858 | TPM2B_AUTH nullProof; // The proof value associated with |
| 859 | // the TPM_RH_NULL hierarchy. The |
| 860 | // default reset value is from the RNG. |
| 861 | TPM2B_SEED nullSeed; // The seed value for the TPM_RN_NULL |
| 862 | // hierarchy. The default reset value |
| 863 | // is from the RNG. |
| 864 | //***************************************************************************** |
| 865 | // Context |
| 866 | //***************************************************************************** |
| 867 | // The 'clearCount' counter is incremented each time the TPM successfully executes |
| 868 | // a TPM Resume. The counter is included in each saved context that has 'stClear' |
| 869 | // SET (including descendants of keys that have 'stClear' SET). This prevents these |
| 870 | // objects from being loaded after a TPM Resume. |
| 871 | // If 'clearCount' at its maximum value when the TPM receives a Shutdown(STATE), |
| 872 | // the TPM will return TPM_RC_RANGE and the TPM will only accept Shutdown(CLEAR). |
| 873 | UINT32 clearCount; // The default reset value is 0. |
| 874 | UINT64 objectContextID; // This is the context ID for a saved |
| 875 | // object context. The default reset |
| 876 | // value is 0. |
| 877 | CONTEXT_SLOT contextArray[MAX_ACTIVE_SESSIONS]; |
| 878 | // This is the value from which the |
| 879 | // 'contextID' is derived. The |
| 880 | // default reset value is {0}. |
| 881 | CONTEXT_COUNTER contextCounter; // This array contains contains the |
| 882 | // values used to track the version |
| 883 | // numbers of saved contexts (see |
| 884 | // Session.c in for details). The |
| 885 | // default reset value is 0. |
| 886 | //***************************************************************************** |
| 887 | // Command Audit |
| 888 | //***************************************************************************** |
| 889 | // When an audited command completes, ExecuteCommand() checks the return |
| 890 | // value. If it is TPM_RC_SUCCESS, and the command is an audited command, the |
| 891 | // TPM will extend the cpHash and rpHash for the command to this value. If this |
| 892 | // digest was the Zero Digest before the cpHash was extended, the audit counter |
| 893 | // is incremented. |
| 894 | TPM2B_DIGEST commandAuditDigest; // This value is set to an Empty Digest |
| 895 | // by TPM2_GetCommandAuditDigest() or a |
| 896 | // TPM Reset. |
| 897 | //***************************************************************************** |
| 898 | // Boot counter |
| 899 | //***************************************************************************** |
| 900 | UINT32 restartCount; // This counter counts TPM Restarts. |
| 901 | // The default reset value is 0. |
| 902 | // |
| 903 | //********************************************************************************* |
| 904 | // PCR |
| 905 | //********************************************************************************* |
| 906 | // This counter increments whenever the PCR are updated. This counter is preserved |
| 907 | // across TPM Resume even though the PCR are not preserved. This is because |
| 908 | // sessions remain active across TPM Restart and the count value in the session |
| 909 | // is compared to this counter so this counter must have values that are unique |
| 910 | // as long as the sessions are active. |
| 911 | // NOTE: A platform-specific specification may designate that certain PCR changes |
| 912 | // do not increment this counter to increment. |
| 913 | UINT32 pcrCounter; // The default reset value is 0. |
| 914 | #ifdef TPM_ALG_ECC |
| 915 | //***************************************************************************** |
| 916 | // ECDAA |
| 917 | //***************************************************************************** |
| 918 | UINT64 commitCounter; // This counter increments each time |
| 919 | // TPM2_Commit() returns |
| 920 | // TPM_RC_SUCCESS. The default reset |
| 921 | // value is 0. |
| 922 | TPM2B_NONCE commitNonce; // This random value is used to compute |
| 923 | // the commit values. The default reset |
| 924 | // value is from the RNG. |
| 925 | // This implementation relies on the number of bits in g_commitArray being a |
| 926 | // power of 2 (8, 16, 32, 64, etc.) and no greater than 64K. |
| 927 | BYTE commitArray[16]; // The default reset value is {0}. |
| 928 | #endif //TPM_ALG_ECC |
| 929 | } STATE_RESET_DATA; |
| 930 | extern STATE_RESET_DATA gr; |
| 931 | // |
| 932 | // |
| 933 | // Global Macro Definitions |
| 934 | // |
| 935 | // This macro is used to ensure that a handle, session, or parameter number is only added if the response |
| 936 | // code is FMT1. |
| 937 | // |
| 938 | #define RcSafeAddToResult(r, v) \ |
| 939 | ((r) + (((r) & RC_FMT1) ? (v) : 0)) |
| 940 | // |
| 941 | // This macro is used when a parameter is not otherwise referenced in a function. This macro is normally |
| 942 | // not used by itself but is paired with a pAssert() within a #ifdef pAssert. If pAssert is not defined, then a |
| 943 | // parameter might not otherwise be referenced. This macro uses the parameter from the perspective of the |
| 944 | // compiler so it doesn't complain. |
| 945 | // |
| 946 | #define UNREFERENCED(a) ((void)(a)) |
| 947 | // |
| 948 | // |
| 949 | // Private data |
| 950 | // |
| 951 | #if defined SESSION_PROCESS_C || defined GLOBAL_C || defined MANUFACTURE_C |
| 952 | // |
| 953 | // From SessionProcess.c |
| 954 | // The following arrays are used to save command sessions information so that the command |
| 955 | // handle/session buffer does not have to be preserved for the duration of the command. These arrays are |
| 956 | // indexed by the session index in accordance with the order of sessions in the session area of the |
| 957 | // command. |
| 958 | // |
| 959 | // Array of the authorization session handles |
| 960 | // |
| 961 | extern TPM_HANDLE s_sessionHandles[MAX_SESSION_NUM]; |
| 962 | // |
| 963 | // Array of authorization session attributes |
| 964 | // |
| 965 | extern TPMA_SESSION s_attributes[MAX_SESSION_NUM]; |
| 966 | // |
| 967 | // Array of handles authorized by the corresponding authorization sessions; and if none, then |
| 968 | // TPM_RH_UNASSIGNED value is used |
| 969 | // |
| 970 | extern TPM_HANDLE s_associatedHandles[MAX_SESSION_NUM]; |
| 971 | // |
| 972 | // Array of nonces provided by the caller for the corresponding sessions |
| 973 | // |
| 974 | extern TPM2B_NONCE s_nonceCaller[MAX_SESSION_NUM]; |
| 975 | // |
| 976 | // Array of authorization values (HMAC's or passwords) for the corresponding sessions |
| 977 | // |
| 978 | extern TPM2B_AUTH s_inputAuthValues[MAX_SESSION_NUM]; |
| 979 | // |
| 980 | // Special value to indicate an undefined session index |
| 981 | // |
| 982 | #define UNDEFINED_INDEX (0xFFFF) |
| 983 | // |
| 984 | // Index of the session used for encryption of a response parameter |
| 985 | // |
| 986 | extern UINT32 s_encryptSessionIndex; |
| 987 | // |
| 988 | // Index of the session used for decryption of a command parameter |
| 989 | // |
| 990 | extern UINT32 s_decryptSessionIndex; |
| 991 | // |
| 992 | // Index of a session used for audit |
| 993 | // |
| 994 | extern UINT32 s_auditSessionIndex; |
| 995 | // |
| 996 | // The cpHash for an audit session |
| 997 | // |
| 998 | extern TPM2B_DIGEST s_cpHashForAudit; |
| 999 | // |
| 1000 | // The cpHash for command audit |
| 1001 | // |
| 1002 | #ifdef TPM_CC_GetCommandAuditDigest |
| 1003 | extern TPM2B_DIGEST s_cpHashForCommandAudit; |
| 1004 | #endif |
| 1005 | // |
| 1006 | // Number of authorization sessions present in the command |
| 1007 | // |
| 1008 | extern UINT32 s_sessionNum; |
| 1009 | // |
| 1010 | // Flag indicating if NV update is pending for the lockOutAuthEnabled or failedTries DA parameter |
| 1011 | // |
| 1012 | extern BOOL s_DAPendingOnNV; |
| 1013 | #endif // SESSION_PROCESS_C |
| 1014 | #if defined DA_C || defined GLOBAL_C || defined MANUFACTURE_C |
| 1015 | // |
| 1016 | // From DA.c |
| 1017 | // |
| 1018 | // This variable holds the accumulated time since the last time that failedTries was decremented. This value |
| 1019 | // is in millisecond. |
| 1020 | // |
| 1021 | extern UINT64 s_selfHealTimer; |
| 1022 | // |
| 1023 | // This variable holds the accumulated time that the lockoutAuth has been blocked. |
| 1024 | // |
| 1025 | extern UINT64 s_lockoutTimer; |
| 1026 | #endif // DA_C |
| 1027 | #if defined NV_C || defined GLOBAL_C |
| 1028 | // |
| 1029 | // From NV.c |
| 1030 | // List of pre-defined address of reserved data |
| 1031 | // |
| 1032 | extern UINT32 s_reservedAddr[NV_RESERVE_LAST]; |
| 1033 | // |
| 1034 | // List of pre-defined reserved data size in byte |
| 1035 | // |
| 1036 | extern UINT32 s_reservedSize[NV_RESERVE_LAST]; |
| 1037 | // |
| 1038 | // Size of data in RAM index buffer |
| 1039 | // |
| 1040 | extern UINT32 s_ramIndexSize; |
| 1041 | // |
| 1042 | // Reserved RAM space for frequently updated NV Index. The data layout in ram buffer is {NV_handle(), |
| 1043 | // size of data, data} for each NV index data stored in RAM |
| 1044 | // |
| 1045 | extern BYTE s_ramIndex[RAM_INDEX_SPACE]; |
| 1046 | // |
| 1047 | // Address of size of RAM index space in NV |
| 1048 | // |
| 1049 | extern UINT32 s_ramIndexSizeAddr; |
| 1050 | // |
| 1051 | // Address of NV copy of RAM index space |
| 1052 | // |
| 1053 | extern UINT32 s_ramIndexAddr; |
| 1054 | // |
| 1055 | // Address of maximum counter value; an auxiliary variable to implement NV counters |
| 1056 | // |
| 1057 | extern UINT32 s_maxCountAddr; |
| 1058 | // |
| 1059 | // Beginning of NV dynamic area; starts right after the s_maxCountAddr and s_evictHandleMapAddr |
| 1060 | // variables |
| 1061 | // |
| 1062 | extern UINT32 s_evictNvStart; |
| 1063 | // |
| 1064 | // Beginning of NV dynamic area; also the beginning of the predefined reserved data area. |
| 1065 | // |
| 1066 | extern UINT32 s_evictNvEnd; |
| 1067 | // |
| 1068 | // NV availability is sampled as the start of each command and stored here so that its value remains |
| 1069 | // consistent during the command execution |
| 1070 | // |
| 1071 | extern TPM_RC s_NvStatus; |
| 1072 | #endif |
| 1073 | #if defined OBJECT_C || defined GLOBAL_C |
| 1074 | // |
| 1075 | // From Object.c |
| 1076 | // |
| 1077 | // This type is the container for an object. |
| 1078 | // |
| 1079 | typedef struct |
| 1080 | { |
| 1081 | BOOL occupied; |
| 1082 | ANY_OBJECT object; |
| 1083 | } OBJECT_SLOT; |
| 1084 | // |
| 1085 | // This is the memory that holds the loaded objects. |
| 1086 | // |
| 1087 | extern OBJECT_SLOT s_objects[MAX_LOADED_OBJECTS]; |
| 1088 | #endif // OBJECT_C |
| 1089 | #if defined PCR_C || defined GLOBAL_C |
| 1090 | // |
| 1091 | // From PCR.c |
| 1092 | // |
| 1093 | typedef struct |
| 1094 | { |
| 1095 | #ifdef TPM_ALG_SHA1 |
| 1096 | // SHA1 PCR |
| 1097 | BYTE sha1Pcr[SHA1_DIGEST_SIZE]; |
| 1098 | #endif |
| 1099 | #ifdef TPM_ALG_SHA256 |
| 1100 | // SHA256 PCR |
| 1101 | BYTE sha256Pcr[SHA256_DIGEST_SIZE]; |
| 1102 | #endif |
| 1103 | #ifdef TPM_ALG_SHA384 |
| 1104 | // SHA384 PCR |
| 1105 | BYTE sha384Pcr[SHA384_DIGEST_SIZE]; |
| 1106 | #endif |
| 1107 | #ifdef TPM_ALG_SHA512 |
| 1108 | // SHA512 PCR |
| 1109 | BYTE sha512Pcr[SHA512_DIGEST_SIZE]; |
| 1110 | #endif |
| 1111 | #ifdef TPM_ALG_SM3_256 |
| 1112 | // SHA256 PCR |
| 1113 | BYTE sm3_256Pcr[SM3_256_DIGEST_SIZE]; |
| 1114 | #endif |
| 1115 | } PCR; |
| 1116 | typedef struct |
| 1117 | { |
| 1118 | unsigned int stateSave : 1; // if the PCR value should be |
| 1119 | // saved in state save |
| 1120 | unsigned int resetLocality : 5; // The locality that the PCR |
| 1121 | // can be reset |
| 1122 | unsigned int extendLocality : 5; // The locality that the PCR |
| 1123 | // can be extend |
| 1124 | } PCR_Attributes; |
| 1125 | extern PCR s_pcrs[IMPLEMENTATION_PCR]; |
| 1126 | #endif // PCR_C |
| 1127 | #if defined SESSION_C || defined GLOBAL_C |
| 1128 | // |
| 1129 | // From Session.c |
| 1130 | // Container for HMAC or policy session tracking information |
| 1131 | // |
| 1132 | typedef struct |
| 1133 | { |
| 1134 | BOOL occupied; |
| 1135 | SESSION session; // session structure |
| 1136 | } SESSION_SLOT; |
| 1137 | extern SESSION_SLOT s_sessions[MAX_LOADED_SESSIONS]; |
| 1138 | // |
| 1139 | // |
| 1140 | // |
| 1141 | // |
| 1142 | // The index in conextArray that has the value of the oldest saved session context. When no context is |
| 1143 | // saved, this will have a value that is greater than or equal to MAX_ACTIVE_SESSIONS. |
| 1144 | // |
| 1145 | extern UINT32 s_oldestSavedSession; |
| 1146 | // |
| 1147 | // The number of available session slot openings. When this is 1, a session can't be created or loaded if the |
| 1148 | // GAP is maxed out. The exception is that the oldest saved session context can always be loaded |
| 1149 | // (assuming that there is a space in memory to put it) |
| 1150 | // |
| 1151 | extern int s_freeSessionSlots; |
| 1152 | #endif // SESSION_C |
| 1153 | // |
| 1154 | // From Manufacture.c |
| 1155 | // |
| 1156 | extern BOOL g_manufactured; |
| 1157 | #if defined POWER_C || defined GLOBAL_C |
| 1158 | // |
| 1159 | // From Power.c |
| 1160 | // This value indicates if a TPM2_Startup() commands has been receive since the power on event. This |
| 1161 | // flag is maintained in power simulation module because this is the only place that may reliably set this flag |
| 1162 | // to FALSE. |
| 1163 | // |
| 1164 | extern BOOL s_initialized; |
| 1165 | #endif // POWER_C |
| 1166 | #if defined MEMORY_LIB_C || defined GLOBAL_C |
| 1167 | // |
| 1168 | // The s_actionOutputBuffer should not be modifiable by the host system until the TPM has returned a |
| 1169 | // response code. The s_actionOutputBuffer should not be accessible until response parameter encryption, |
| 1170 | // if any, is complete. |
| 1171 | // |
| 1172 | extern UINT32 s_actionInputBuffer[1024]; // action input buffer |
| 1173 | extern UINT32 s_actionOutputBuffer[1024]; // action output buffer |
| 1174 | extern BYTE s_responseBuffer[MAX_RESPONSE_SIZE];// response buffer |
| 1175 | #endif // MEMORY_LIB_C |
| 1176 | // |
| 1177 | // From TPMFail.c |
| 1178 | // This value holds the address of the string containing the name of the function in which the failure |
| 1179 | // occurred. This address value isn't useful for anything other than helping the vendor to know in which file |
| 1180 | // the failure occurred. |
| 1181 | // |
| 1182 | extern jmp_buf g_jumpBuffer; // the jump buffer |
| 1183 | extern BOOL g_inFailureMode; // Indicates that the TPM is in failure mode |
| 1184 | extern BOOL g_forceFailureMode; // flag to force failure mode during test |
| 1185 | #if defined TPM_FAIL_C || defined GLOBAL_C || 1 |
| 1186 | extern UINT32 s_failFunction; |
| 1187 | extern UINT32 s_failLine; // the line in the file at which |
| 1188 | // the error was signaled |
| 1189 | extern UINT32 s_failCode; // the error code used |
| 1190 | #endif // TPM_FAIL_C |
| 1191 | #endif // GLOBAL_H |