1/*++
2
3Global defines for TSS.
4
5--*/
6
7#ifndef __TSS_DEFINES_H__
8#define __TSS_DEFINES_H__
9
10#include <tss/platform.h>
11#include <tss/tpm.h>
12
13
14//////////////////////////////////////////////////////////////////////////
15// Object types:
16//////////////////////////////////////////////////////////////////////////
17
18//
19// definition of the object types that can be created via CreateObject
// The values are consecutive integers (0x01..0x0b), not bit flags, so each
// one selects exactly one object type and they must not be OR-ed together.
20//
21#define   TSS_OBJECT_TYPE_POLICY    (0x01)      // Policy object
22#define   TSS_OBJECT_TYPE_RSAKEY    (0x02)      // RSA-Key object
23#define   TSS_OBJECT_TYPE_ENCDATA   (0x03)      // Encrypted data object
24#define   TSS_OBJECT_TYPE_PCRS      (0x04)      // PCR composite object
25#define   TSS_OBJECT_TYPE_HASH      (0x05)      // Hash object
26#define   TSS_OBJECT_TYPE_DELFAMILY (0x06)      // Delegation Family object
27#define   TSS_OBJECT_TYPE_NV        (0x07)      // NV object
28#define   TSS_OBJECT_TYPE_MIGDATA   (0x08)      // CMK Migration data object
29#define   TSS_OBJECT_TYPE_DAA_CERTIFICATE (0x09) // DAA credential
30#define   TSS_OBJECT_TYPE_DAA_ISSUER_KEY  (0x0a) // DAA cred. issuer keypair
31#define   TSS_OBJECT_TYPE_DAA_ARA_KEY     (0x0b) // DAA anonymity revocation
32                                                 // authority keypair
33
34
35//////////////////////////////////////////////////////////////////////////
36// CreateObject: Flags
37//////////////////////////////////////////////////////////////////////////
38
39
40//************************************
41// Flags for creating RSAKEY object: *
42//************************************
43
44//
45//
46//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
47//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
48//   ---------------------------------------------------------------
49//                                                              |x x|Auth
50//                                                            |x|    Volatility
51//                                                          |x|      Migration
52//                                                  |x x x x|        Type
53//                                          |x x x x|                Size
54//                                      |x x|                        CMK
55//                                |x x x|                            Version
56//              |0 0 0 0 0 0 0 0 0|                                  Reserved
57//  |x x x x x x|                                                    Fixed Type
58//
59
60//  Authorization:
61//
62//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
63//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
64//   ---------------------------------------------------------------
65//
66//   Never                                                      |0 0|
67//   Always                                                     |0 1|
68//   Private key always                                         |1 0|
69//
// Authorization field: bits 1..0 of the RSAKEY creation flags.
// NOTE(review): TSS_KEY_NO_AUTHORIZATION is 0, so a flag word built without
// any authorization constant presumably yields a key that needs no secret.
// Pass TSS_KEY_AUTHORIZATION explicitly when the key must be protected.
70#define   TSS_KEY_NO_AUTHORIZATION            (0x00000000) // no auth needed
71                                                           // for this key
72#define   TSS_KEY_AUTHORIZATION               (0x00000001) // key needs auth
73                                                           // for all ops
74#define   TSS_KEY_AUTHORIZATION_PRIV_USE_ONLY (0x00000002) // key needs auth
75                                                           // for privkey ops,
76                                                           // noauth for pubkey
77
78//
79//  Volatility
80//
81//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
82//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
83//   ---------------------------------------------------------------
84//
85//   Non Volatile                                             |0|
86//   Volatile                                                 |1|
87//
// Volatility field: bit 2 of the RSAKEY creation flags.
88#define    TSS_KEY_NON_VOLATILE      (0x00000000)   // Key is non-volatile
89#define    TSS_KEY_VOLATILE          (0x00000004)   // Key is volatile
90
91//
92//  Migration
93//
94//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
95//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
96//   ---------------------------------------------------------------
97//
98//   Non Migratable                                         |0|
99//   Migratable                                             |1|
100//
// Migration field: bit 3 of the RSAKEY creation flags.
// NOTE(review): a migratable key is presumably one whose private part can be
// re-wrapped for another parent, so it should not be treated as bound to
// this TPM. Confirm against the TPM key-migration rules before relying on it.
101#define   TSS_KEY_NOT_MIGRATABLE     (0x00000000)   // key is not migratable
102#define   TSS_KEY_MIGRATABLE         (0x00000008)   // key is migratable
103
104//
105//  Usage
106//
107//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
108//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
109//   ---------------------------------------------------------------
110//
111//   Default (Legacy)                               |0 0 0 0|
112//   Signing                                        |0 0 0 1|
113//   Storage                                        |0 0 1 0|
114//   Identity                                       |0 0 1 1|
115//   AuthChange                                     |0 1 0 0|
116//   Bind                                           |0 1 0 1|
117//   Legacy                                         |0 1 1 0|
118//
// Key-type (usage) field: bits 7..4 of the RSAKEY creation flags. The values
// are enumerated within the field; isolate it with TSS_KEY_TYPE_BITMASK and
// compare for equality. The bit table above stops at Legacy, but
// TSS_KEY_TYPE_MIGRATE (0x70) is also defined below.
// NOTE(review): TSS_KEY_TYPE_DEFAULT is 0 and is described as a legacy key,
// i.e. one that can perform both signing and binding. Choose a specific type
// when a key should be confined to a single purpose.
119#define   TSS_KEY_TYPE_DEFAULT    (0x00000000)   // indicate a default key
120                                                 // (Legacy-Key)
121#define   TSS_KEY_TYPE_SIGNING    (0x00000010)   // indicate a signing key
122#define   TSS_KEY_TYPE_STORAGE    (0x00000020)   // used as storage key
123#define   TSS_KEY_TYPE_IDENTITY   (0x00000030)   // indicate an identity key
124#define   TSS_KEY_TYPE_AUTHCHANGE (0x00000040)   // indicate an ephemeral key
125#define   TSS_KEY_TYPE_BIND       (0x00000050)   // indicate a key for TPM_Bind
126#define   TSS_KEY_TYPE_LEGACY     (0x00000060)   // indicate a key that can
127                                                 // perform signing and binding
128#define   TSS_KEY_TYPE_MIGRATE    (0x00000070)   // indicate a key that can
129                                                 // act as a CMK MA
130#define   TSS_KEY_TYPE_BITMASK    (0x000000F0)   // mask to extract key type
131
132//
133//  Key size
134//
135//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
136//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
137//   ---------------------------------------------------------------
138//
139// DEFAULT                                  |0 0 0 0|
140//   512                                    |0 0 0 1|
141//  1024                                    |0 0 1 0|
142//  2048                                    |0 0 1 1|
143//  4096                                    |0 1 0 0|
144//  8192                                    |0 1 0 1|
145// 16384                                    |0 1 1 0|
146//
// Key-size field: bits 11..8 of the RSAKEY creation flags. The field holds an
// enumerated code (1..6), not the size in bits; isolate it with
// TSS_KEY_SIZE_BITMASK and compare for equality.
// NOTE(review): 512-bit and 1024-bit RSA moduli are below current minimum
// strength recommendations; prefer TSS_KEY_SIZE_2048 or larger where the TPM
// supports it. TSS_KEY_SIZE_DEFAULT leaves the choice to the TPM.
// Assuming UINT32 is a typedef, the cast keeps these macros out of #if
// expressions.
147#define TSS_KEY_SIZE_DEFAULT (UINT32)(0x00000000) // indicate tpm-specific size
148#define TSS_KEY_SIZE_512     (UINT32)(0x00000100) // indicate a 512-bit key
149#define TSS_KEY_SIZE_1024    (UINT32)(0x00000200) // indicate a 1024-bit key
150#define TSS_KEY_SIZE_2048    (UINT32)(0x00000300) // indicate a 2048-bit key
151#define TSS_KEY_SIZE_4096    (UINT32)(0x00000400) // indicate a 4096-bit key
152#define TSS_KEY_SIZE_8192    (UINT32)(0x00000500) // indicate a 8192-bit key
153#define TSS_KEY_SIZE_16384   (UINT32)(0x00000600) // indicate a 16384-bit key
154#define TSS_KEY_SIZE_BITMASK (UINT32)(0x00000F00) // mask to extract key size
155
156//
157//  Certified Migratability
158//
159//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
160//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
161//   ---------------------------------------------------------------
162//
163// DEFAULT                              |0 0|
164// Not Certified Migratable             |0 0|
165// Certified Migratable                 |0 1|
166//
// Certified-migratability (CMK) field: bit 12 set marks the key as certified
// migratable; 0 (the default) means not certified migratable.
167#define TSS_KEY_NOT_CERTIFIED_MIGRATABLE (UINT32)(0x00000000)
168#define TSS_KEY_CERTIFIED_MIGRATABLE     (UINT32)(0x00001000)
169
170//
171//  Specification version
172//
173//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
174//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
175//   ---------------------------------------------------------------
176//
177// Context default                |0 0 0|
178// TPM_KEY 1.1b key               |0 0 1|
179// TPM_KEY12 1.2 key              |0 1 0|
180//
// Key-structure version field: bits 16..14, isolated with
// TSS_KEY_STRUCT_BITMASK. Per the table above, _KEY selects the TPM_KEY (1.1b)
// layout, _KEY12 the TPM_KEY12 (1.2) layout, and _DEFAULT follows the context.
181#define TSS_KEY_STRUCT_DEFAULT            (UINT32)(0x00000000)
182#define TSS_KEY_STRUCT_KEY                (UINT32)(0x00004000)
183#define TSS_KEY_STRUCT_KEY12              (UINT32)(0x00008000)
184#define TSS_KEY_STRUCT_BITMASK            (UINT32)(0x0001C000)
185
186
187//
188//  fixed KeyTypes (templates)
189//
190//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
191//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
192//   ---------------------------------------------------------------
193//
194//  |0 0 0 0 0 0|                             Empty Key
195//  |0 0 0 0 0 1|                             Storage Root Key
196//
// Fixed key-template field: bits 31..26 of the RSAKEY creation flags,
// isolated with TSS_KEY_TEMPLATE_BITMASK. TSS_KEY_TSP_SRK is bit 26.
197#define   TSS_KEY_EMPTY_KEY (0x00000000) // no TPM key template
198                                         // (empty TSP key object)
199#define   TSS_KEY_TSP_SRK   (0x04000000) // use a TPM SRK template
200                                         // (TSP key object for SRK)
201#define   TSS_KEY_TEMPLATE_BITMASK (0xFC000000) // bitmask to extract key
202                                                // template
203
204
205//*************************************
206// Flags for creating ENCDATA object: *
207//*************************************
208
209//
210//  Type
211//
212//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
213//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
214//   ---------------------------------------------------------------
215//
216//   Seal                                                     |0 0 1|
217//   Bind                                                     |0 1 0|
218//   Legacy                                                   |0 1 1|
219//
220//   ENCDATA Reserved:
221//  |x x x x x x x x x x x x x x x x x x x x x x x x x x x x x|
222//
// ENCDATA type, held in the low bits of the creation flags. The values are
// enumerated (TSS_ENCDATA_LEGACY is 3, which is not SEAL|BIND in meaning),
// so compare for equality.
223#define   TSS_ENCDATA_SEAL     (0x00000001)   // data for seal operation
224#define   TSS_ENCDATA_BIND     (0x00000002)   // data for bind operation
225#define   TSS_ENCDATA_LEGACY   (0x00000003)   // data for legacy bind operation
226
227
228//**********************************
229// Flags for creating HASH object: *
230//**********************************
231
232//
233//  Algorithm
234//
235//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
236//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
237//   ---------------------------------------------------------------
238//
239//   DEFAULT
240//  |0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0|
241//   SHA1
242//  |0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1|
243//   OTHER
244//  |1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1|
245//
// Hash-algorithm selector for a HASH object. The whole 32-bit value is the
// selector, not a bit field.
// NOTE(review): SHA-1 is the only named algorithm here and is no longer
// collision resistant; weigh that when a TSS_HASH_SHA1 digest is used for
// signatures or integrity decisions. TSS_HASH_OTHER presumably means the
// digest is computed outside the TSP; confirm against the TSS spec.
246#define   TSS_HASH_DEFAULT    (0x00000000)   // Default hash algorithm
247#define   TSS_HASH_SHA1       (0x00000001)   // SHA-1 with 20 bytes
248#define   TSS_HASH_OTHER      (0xFFFFFFFF)   // Not-specified hash algorithm
249
250
251//************************************
252// Flags for creating POLICY object: *
253//************************************
254
255//
256//  Type
257//
258//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
259//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
260//   ---------------------------------------------------------------
261//
262//   Usage                                                    |0 0 1|
263//   Migration                                                |0 1 0|
264//   Operator                                                 |0 1 1|
265//
266//   POLICY Reserved:
267//  |x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x|
268
// POLICY type, held in the low bits of the creation flags. The values are
// enumerated (OPERATOR is 3, not USAGE|MIGRATION), so compare for equality.
269#define   TSS_POLICY_USAGE         (0x00000001)   // usage policy object
270#define   TSS_POLICY_MIGRATION     (0x00000002)   // migration policy object
271#define   TSS_POLICY_OPERATOR      (0x00000003)   // operator policy object
272
273
274//******************************************
275// Flags for creating PCRComposite object: *
276//******************************************
277
278//
279//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
280//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
281//   ---------------------------------------------------------------
282//                                                              |x x| Struct
283//  |x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x|     Reserved
284//
285
286//  PCRComposite Version:
287//
288//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
289//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
290//   ---------------------------------------------------------------
291// TPM_PCR_DEFAULT                                            |0 0 0|
292// TPM_PCR_INFO                                               |0 0 1|
293// TPM_PCR_INFO_LONG                                          |0 1 0|
294// TPM_PCR_INFO_SHORT                                         |0 1 1|
295//
296
// PCR-composite structure selector, held in the low bits of the creation
// flags. Each value names the TPM_PCR_INFO* layout given in its comment.
297#define   TSS_PCRS_STRUCT_DEFAULT    (0x00000000) // depends on context
298#define   TSS_PCRS_STRUCT_INFO       (0x00000001) // TPM_PCR_INFO
299#define   TSS_PCRS_STRUCT_INFO_LONG  (0x00000002) // TPM_PCR_INFO_LONG
300#define   TSS_PCRS_STRUCT_INFO_SHORT (0x00000003) // TPM_PCR_INFO_SHORT
301
302
303
304//////////////////////////////////////////////////////////////////////////
305// Attribute Flags, Subflags, and Values
306//////////////////////////////////////////////////////////////////////////
307
308
309//******************
310// Context object: *
311//******************
312
313//
314// Attributes
// Attribute selectors for the context object, enumerated 1..6.
// TSS_TSPATTRIB_SECRET_HASH_MODE has no CONTEXT_ infix; a later #if 0 block
// in this file notes that it is valid for both context and policy objects.
315//
316#define TSS_TSPATTRIB_CONTEXT_SILENT_MODE        (0x00000001)
317                                                    // dialog display control
318#define TSS_TSPATTRIB_CONTEXT_MACHINE_NAME       (0x00000002)
319                                                    // remote machine name
320#define TSS_TSPATTRIB_CONTEXT_VERSION_MODE       (0x00000003)
321                                                    // context version
322#define TSS_TSPATTRIB_CONTEXT_TRANSPORT          (0x00000004)
323                                                    // transport control
324#define TSS_TSPATTRIB_CONTEXT_CONNECTION_VERSION (0x00000005)
325                                                    // connection version
326#define TSS_TSPATTRIB_SECRET_HASH_MODE           (0x00000006)
327                                                    // flag indicating whether
328                                                    // NUL is included in the
329                                                    // hash of the password
330//
331// SubFlags for Flag TSS_TSPATTRIB_CONTEXT_TRANSPORT
// CONTROL presumably selects enabling or disabling of the transport session
// and MODE its properties, going by the value lists later in this file.
332//
333#define   TSS_TSPATTRIB_CONTEXTTRANS_CONTROL   (0x00000008)
334#define   TSS_TSPATTRIB_CONTEXTTRANS_MODE      (0x00000010)
335
336//
337// Values for the TSS_TSPATTRIB_CONTEXT_SILENT_MODE attribute
// 0 keeps TSP dialogs enabled; 1 disables them.
338//
339#define   TSS_TSPATTRIB_CONTEXT_NOT_SILENT (0x00000000) // TSP dialogs enabled
340#define   TSS_TSPATTRIB_CONTEXT_SILENT     (0x00000001) // TSP dialogs disabled
341
342//
343// Values for the TSS_TSPATTRIB_CONTEXT_VERSION_MODE attribute
// Enumerated 1..3: automatic selection, version 1.1, version 1.2 (by name).
344//
345#define   TSS_TSPATTRIB_CONTEXT_VERSION_AUTO (0x00000001)
346#define   TSS_TSPATTRIB_CONTEXT_VERSION_V1_1 (0x00000002)
347#define   TSS_TSPATTRIB_CONTEXT_VERSION_V1_2 (0x00000003)
348
349//
350// Values for the subflag TSS_TSPATTRIB_CONTEXTTRANS_CONTROL
// NOTE(review): these are hexadecimal 0x16 and 0x32 (decimal 22 and 50), not
// single bits; compare for equality rather than masking.
351//
352#define   TSS_TSPATTRIB_DISABLE_TRANSPORT      (0x00000016)
353#define   TSS_TSPATTRIB_ENABLE_TRANSPORT       (0x00000032)
354
355//
356// Values for the subflag TSS_TSPATTRIB_CONTEXTTRANS_MODE
// The non-zero values are distinct single bits (0x1, 0x2, 0x4, 0x8).
// NOTE(review): NO_DEFAULT_ENCRYPTION is 0, so a mode value left at zero
// selects it. Presumably transport-session payloads are then not encrypted
// by default; confirm against the TSS spec before relying on confidentiality.
357//
358#define   TSS_TSPATTRIB_TRANSPORT_NO_DEFAULT_ENCRYPTION (0x00000000)
359#define   TSS_TSPATTRIB_TRANSPORT_DEFAULT_ENCRYPTION    (0x00000001)
360#define   TSS_TSPATTRIB_TRANSPORT_AUTHENTIC_CHANNEL     (0x00000002)
361#define   TSS_TSPATTRIB_TRANSPORT_EXCLUSIVE             (0x00000004)
362#define   TSS_TSPATTRIB_TRANSPORT_STATIC_AUTH           (0x00000008)
363
364//
365// Values for the TSS_TSPATTRIB_CONTEXT_CONNECTION_VERSION attribute
366//
367#define TSS_CONNECTION_VERSION_1_1                      (0x00000001)
368#define TSS_CONNECTION_VERSION_1_2                      (0x00000002)
369
370
371//
372// Subflags of TSS_TSPATTRIB_SECRET_HASH_MODE
373//
374#define TSS_TSPATTRIB_SECRET_HASH_MODE_POPUP     (0x00000001)
375
376//
377// Values for TSS_TSPATTRIB_SECRET_HASH_MODE_POPUP subflag
// NOTE(review): by name, _NULL includes and _NOT_NULL excludes the
// terminating NUL when the popup password is hashed; confirm. The two
// settings give different digests for the same password, so every stack
// that derives the secret must use the same setting.
378//
379#define TSS_TSPATTRIB_HASH_MODE_NOT_NULL         (0x00000000)
380#define TSS_TSPATTRIB_HASH_MODE_NULL             (0x00000001)
381
382
383// *************
384// TPM object: *
385// *************
386
387//
388// Attributes:
// Attribute selectors for the TPM object. Unlike most constants in this
// file, the values in this section are written without parentheses.
389//
390#define TSS_TSPATTRIB_TPM_CALLBACK_COLLATEIDENTITY  0x00000001
391#define TSS_TSPATTRIB_TPM_CALLBACK_ACTIVATEIDENTITY 0x00000002
392#define TSS_TSPATTRIB_TPM_ORDINAL_AUDIT_STATUS      0x00000003
393#define TSS_TSPATTRIB_TPM_CREDENTIAL                0x00001000
394
395//
396// Subflags for TSS_TSPATTRIB_TPM_ORDINAL_AUDIT_STATUS
// These two carry a TPM_CAP_PROP_ prefix rather than TSS_; by name they
// clear (0) or set (1) auditing of an ordinal.
397//
398#define TPM_CAP_PROP_TPM_CLEAR_ORDINAL_AUDIT        0x00000000
399#define TPM_CAP_PROP_TPM_SET_ORDINAL_AUDIT          0x00000001
400
401//
402// Subflags for TSS_TSPATTRIB_TPM_CREDENTIAL
// Enumerated 1..4; each presumably selects which credential blob is read
// or written (EK certificate, TPM CC, platform certificate, platform CC).
403//
404#define TSS_TPMATTRIB_EKCERT                        0x00000001
405#define TSS_TPMATTRIB_TPM_CC                        0x00000002
406#define TSS_TPMATTRIB_PLATFORMCERT                  0x00000003
407#define TSS_TPMATTRIB_PLATFORM_CC                   0x00000004
408
409
410//*****************
411// Policy object: *
412//*****************
413
414//
415// Attributes
// Attribute selectors for the policy object. The first group advances in
// steps of 0x80 (0x080..0x380); the two DELEGATION selectors at the end of
// this section use the small values 1 and 2 instead.
// NOTE(review): the CALLBACK_* attributes let the application supply the
// named computation (HMAC, XOR encryption, ...). Presumably the TSP then
// relies on the callback's result during authorization, which would make the
// callback part of the trusted path; confirm against the TSS spec.
416//
417#define TSS_TSPATTRIB_POLICY_CALLBACK_HMAC           (0x00000080)
418                                        // enable/disable callback function
419
420#define TSS_TSPATTRIB_POLICY_CALLBACK_XOR_ENC        (0x00000100)
421                                        // enable/disable callback function
422
423#define TSS_TSPATTRIB_POLICY_CALLBACK_TAKEOWNERSHIP  (0x00000180)
424                                        // enable/disable callback function
425
426#define TSS_TSPATTRIB_POLICY_CALLBACK_CHANGEAUTHASYM (0x00000200)
427                                        // enable/disable callback function
428
429#define TSS_TSPATTRIB_POLICY_SECRET_LIFETIME         (0x00000280)
430                                        // set lifetime mode for policy secret
431
432#define TSS_TSPATTRIB_POLICY_POPUPSTRING             (0x00000300)
433                                        // set a NULL terminated UNICODE string
434                                        // which is displayed in the TSP policy
435                                        // popup dialog
436#define TSS_TSPATTRIB_POLICY_CALLBACK_SEALX_MASK     (0x00000380)
437                                        // enable/disable callback function
438#if 0
439/* This attribute flag is defined earlier with the context attributes.
440 * It is valid for both context and policy objects. It is copied
441 * here as a reminder to avoid collisions.
442 */
443#define TSS_TSPATTRIB_SECRET_HASH_MODE               (0x00000006)
444                                                    // flag indicating whether
445                                                    // NUL is included in the
446                                                    // hash of the password
447#endif
448
449
// Delegation attribute selectors; their subflags are listed further down
// (TSS_TSPATTRIB_POLDEL_* and TSS_TSPATTRIB_POLDELPCR_*).
450#define TSS_TSPATTRIB_POLICY_DELEGATION_INFO         (0x00000001)
451#define TSS_TSPATTRIB_POLICY_DELEGATION_PCR          (0x00000002)
452
453//
454// SubFlags for Flag TSS_TSPATTRIB_POLICY_SECRET_LIFETIME
// Three enumerated lifetime modes, followed by two sets of alias names that
// expand to the same three values.
// NOTE(review): with _ALWAYS the secret is never invalidated, so it
// presumably stays usable for as long as the policy object exists. Prefer
// _COUNTER or _TIMER where a bounded lifetime is wanted.
455//
456#define TSS_SECRET_LIFETIME_ALWAYS  (0x00000001) // secret will not be
457                                                 // invalidated
458#define TSS_SECRET_LIFETIME_COUNTER (0x00000002) // secret lifetime
459                                                 // controlled by counter
460#define TSS_SECRET_LIFETIME_TIMER   (0x00000003) // secret lifetime
461                                                 // controlled by time
462#define TSS_TSPATTRIB_POLSECRET_LIFETIME_ALWAYS  TSS_SECRET_LIFETIME_ALWAYS
463#define TSS_TSPATTRIB_POLSECRET_LIFETIME_COUNTER TSS_SECRET_LIFETIME_COUNTER
464#define TSS_TSPATTRIB_POLSECRET_LIFETIME_TIMER   TSS_SECRET_LIFETIME_TIMER
465
466// Alternate names misspelled in the 1.1 TSS spec.
467#define TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS  TSS_SECRET_LIFETIME_ALWAYS
468#define TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER TSS_SECRET_LIFETIME_COUNTER
469#define TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER   TSS_SECRET_LIFETIME_TIMER
470
471//
472// Subflags of TSS_TSPATTRIB_POLICY_DELEGATION_INFO
// Enumerated 1..9; each selects one field of the delegation information.
473//
474#define TSS_TSPATTRIB_POLDEL_TYPE                (0x00000001)
475#define TSS_TSPATTRIB_POLDEL_INDEX               (0x00000002)
476#define TSS_TSPATTRIB_POLDEL_PER1                (0x00000003)
477#define TSS_TSPATTRIB_POLDEL_PER2                (0x00000004)
478#define TSS_TSPATTRIB_POLDEL_LABEL               (0x00000005)
479#define TSS_TSPATTRIB_POLDEL_FAMILYID            (0x00000006)
480#define TSS_TSPATTRIB_POLDEL_VERCOUNT            (0x00000007)
481#define TSS_TSPATTRIB_POLDEL_OWNERBLOB           (0x00000008)
482#define TSS_TSPATTRIB_POLDEL_KEYBLOB             (0x00000009)
483
484//
485// Subflags of TSS_TSPATTRIB_POLICY_DELEGATION_PCR
// Enumerated 1..3.
486//
487#define TSS_TSPATTRIB_POLDELPCR_LOCALITY         (0x00000001)
488#define TSS_TSPATTRIB_POLDELPCR_DIGESTATRELEASE  (0x00000002)
489#define TSS_TSPATTRIB_POLDELPCR_SELECTION        (0x00000003)
490
491//
492// Values for the Policy TSS_TSPATTRIB_POLDEL_TYPE attribute
// Note that "no delegation" is 1, not 0; zero is not one of the listed values.
493//
494#define TSS_DELEGATIONTYPE_NONE                  (0x00000001)
495#define TSS_DELEGATIONTYPE_OWNER                 (0x00000002)
496#define TSS_DELEGATIONTYPE_KEY                   (0x00000003)
497
498
499
500//
501//  Flags used for the 'mode' parameter in Tspi_Policy_SetSecret()
// The values advance in steps of 0x800 and are enumerated (PLAIN, 0x1800, is
// not NONE|SHA1 in meaning), so compare for equality.
// NOTE(review): with TSS_SECRET_MODE_PLAIN the cleartext secret is handed to
// the TSP, which hashes it. See TSS_TSPATTRIB_SECRET_HASH_MODE for whether a
// terminating NUL is included when a password is hashed.
502//
503#define TSS_SECRET_MODE_NONE     (0x00000800) // No authorization will be
504                                              // processed
505#define TSS_SECRET_MODE_SHA1     (0x00001000) // Secret is used as supplied
506                                              // (presumably already a SHA-1
                                              // digest); TSP does not touch it
507#define TSS_SECRET_MODE_PLAIN    (0x00001800) // Secret string will be hashed
508                                              // by the TSP using SHA1
509#define TSS_SECRET_MODE_POPUP    (0x00002000) // TSS SP will ask for a secret
510#define TSS_SECRET_MODE_CALLBACK (0x00002800) // Application has to provide a
511                                              // call back function
512
513
514
515//******************
516// EncData object: *
517//******************
518
519//
520// Attributes
// Attribute selectors for the EncData object, advancing in steps of 0x08.
521//
522#define TSS_TSPATTRIB_ENCDATA_BLOB     (0x00000008)
523#define TSS_TSPATTRIB_ENCDATA_PCR      (0x00000010)
524#define TSS_TSPATTRIB_ENCDATA_PCR_LONG (0x00000018)
525#define TSS_TSPATTRIB_ENCDATA_SEAL     (0x00000020)
526
527//
528// SubFlags for Flag TSS_TSPATTRIB_ENCDATA_BLOB
529//
530#define TSS_TSPATTRIB_ENCDATABLOB_BLOB   (0x00000001)   // encrypted data blob
531
532//
533// SubFlags for Flag TSS_TSPATTRIB_ENCDATA_PCR
// The ENCDATAPCR_* and ENCDATAPCRLONG_* subflags below share one numbering
// (2..0x0A). By name the PCRLONG ones presumably belong to
// TSS_TSPATTRIB_ENCDATA_PCR_LONG; confirm.
534//
535#define TSS_TSPATTRIB_ENCDATAPCR_DIGEST_ATCREATION       (0x00000002)
536#define TSS_TSPATTRIB_ENCDATAPCR_DIGEST_ATRELEASE        (0x00000003)
537#define TSS_TSPATTRIB_ENCDATAPCR_SELECTION               (0x00000004)
538// support typo from 1.1 headers
539#define TSS_TSPATTRIB_ENCDATAPCR_DIGEST_RELEASE \
540                          TSS_TSPATTRIB_ENCDATAPCR_DIGEST_ATRELEASE
541
542#define TSS_TSPATTRIB_ENCDATAPCRLONG_LOCALITY_ATCREATION (0x00000005)
543#define TSS_TSPATTRIB_ENCDATAPCRLONG_LOCALITY_ATRELEASE  (0x00000006)
544#define TSS_TSPATTRIB_ENCDATAPCRLONG_CREATION_SELECTION  (0x00000007)
545#define TSS_TSPATTRIB_ENCDATAPCRLONG_RELEASE_SELECTION   (0x00000008)
546#define TSS_TSPATTRIB_ENCDATAPCRLONG_DIGEST_ATCREATION   (0x00000009)
547#define TSS_TSPATTRIB_ENCDATAPCRLONG_DIGEST_ATRELEASE    (0x0000000A)
548
549
550//
551// Attribute subflags TSS_TSPATTRIB_ENCDATA_SEAL
552//
553#define TSS_TSPATTRIB_ENCDATASEAL_PROTECT_MODE           (0x00000001)
554
555//
556// Attribute values for
557//    TSS_TSPATTRIB_ENCDATA_SEAL/TSS_TSPATTRIB_ENCDATASEAL_PROTECT_MODE
// NOTE(review): NOPROTECT is 0, so it is also what an unset attribute would
// read as. Set TSS_TSPATTRIB_ENCDATASEAL_PROTECT explicitly when protection
// of the sealed data is required.
558//
559#define  TSS_TSPATTRIB_ENCDATASEAL_NOPROTECT             (0x00000000)
560#define  TSS_TSPATTRIB_ENCDATASEAL_PROTECT               (0x00000001)
561
562// Accounting for typos in original header files
563#define  TSS_TSPATTRIB_ENCDATASEAL_NO_PROTECT                                \
564                                           TSS_TSPATTRIB_ENCDATASEAL_NOPROTECT
565
566//*************
567// NV object: *
568//*************
569
570//
571// Attributes
// Attribute selectors for the NV object, enumerated 1..5.
572//
573#define TSS_TSPATTRIB_NV_INDEX                     (0x00000001)
574#define TSS_TSPATTRIB_NV_PERMISSIONS               (0x00000002)
575#define TSS_TSPATTRIB_NV_STATE                     (0x00000003)
576#define TSS_TSPATTRIB_NV_DATASIZE                  (0x00000004)
577#define TSS_TSPATTRIB_NV_PCR                       (0x00000005)
578
// Enumerated codes 1..3 placed in bits 21..20; by name presumably the
// subflags of TSS_TSPATTRIB_NV_STATE.
579#define TSS_TSPATTRIB_NVSTATE_READSTCLEAR          (0x00100000)
580#define TSS_TSPATTRIB_NVSTATE_WRITESTCLEAR         (0x00200000)
581#define TSS_TSPATTRIB_NVSTATE_WRITEDEFINE          (0x00300000)
582
// Enumerated codes 1..6 placed in bits 27..24; by name presumably the
// subflags of TSS_TSPATTRIB_NV_PCR, with separate read and write settings.
583#define TSS_TSPATTRIB_NVPCR_READPCRSELECTION       (0x01000000)
584#define TSS_TSPATTRIB_NVPCR_READDIGESTATRELEASE    (0x02000000)
585#define TSS_TSPATTRIB_NVPCR_READLOCALITYATRELEASE  (0x03000000)
586#define TSS_TSPATTRIB_NVPCR_WRITEPCRSELECTION      (0x04000000)
587#define TSS_TSPATTRIB_NVPCR_WRITEDIGESTATRELEASE   (0x05000000)
588#define TSS_TSPATTRIB_NVPCR_WRITELOCALITYATRELEASE (0x06000000)
589
590/* NV index flags
591 *
592 * From the TPM spec, Part 2, Section 19.1.
593 *
594 *        3                   2                   1
595 *      1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
596 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
597 *     |T|P|U|D| resvd |   Purview     |          Index                |
598 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
599 */
// Bit flags and extraction masks for a 32-bit NV index, following the layout
// drawn above. The T/P/U/D flag constants and their TSS_NV_MASK_*
// counterparts have identical values.
600#define TSS_NV_TPM                (0x80000000) // TPM mfr reserved bit
601#define TSS_NV_PLATFORM           (0x40000000) // Platform mfr reserved bit
602#define TSS_NV_USER               (0x20000000) // User reserved bit
603#define TSS_NV_DEFINED            (0x10000000) // "Defined permanently" flag
604#define TSS_NV_MASK_TPM           (0x80000000) // mask to extract 'T'
605#define TSS_NV_MASK_PLATFORM      (0x40000000) // mask to extract 'P'
606#define TSS_NV_MASK_USER          (0x20000000) // mask to extract 'U'
607#define TSS_NV_MASK_DEFINED       (0x10000000) // mask to extract 'D'
608#define TSS_NV_MASK_RESERVED      (0x0f000000) // mask to extract reserved bits
609#define TSS_NV_MASK_PURVIEW       (0x00ff0000) // mask to extract purview byte
610#define TSS_NV_MASK_INDEX         (0x0000ffff) // mask to extract index (low
                                               // 16 bits, not a single byte)
611
612// This is the index of the NV storage area where the number of sessions
613// per locality is stored.
// Under the masks above it decodes to purview 0x01, index 0x1101, with the
// T/P/U/D bits all clear.
614#define TSS_NV_INDEX_SESSIONS     (0x00011101)
615
616
617//******************
618// MigData object: *
619//******************
620
621//
622// Attributes
// Attribute selectors for the MigData object, advancing in steps of 0x10.
// Each subflag below carries its parent's number in the second byte
// (attribute 0x10 -> subflags 0x01xx, 0x30 -> 0x03xx, and so on).
623//
624#define TSS_MIGATTRIB_MIGRATIONBLOB                    (0x00000010)
625#define TSS_MIGATTRIB_MIGRATIONTICKET                  (0x00000020)
626#define TSS_MIGATTRIB_AUTHORITY_DATA                   (0x00000030)
627#define TSS_MIGATTRIB_MIG_AUTH_DATA                    (0x00000040)
628#define TSS_MIGATTRIB_TICKET_DATA                      (0x00000050)
629#define TSS_MIGATTRIB_PAYLOAD_TYPE                     (0x00000060)
630
631//
632// Attribute subflags TSS_MIGATTRIB_MIGRATIONBLOB
// The last two definitions are aliases with a MIG_ prefix for the first two.
633//
634#define TSS_MIGATTRIB_MIGRATION_XOR_BLOB               (0x00000101)
635#define TSS_MIGATTRIB_MIGRATION_REWRAPPED_BLOB         (0x00000102)
636#define TSS_MIGATTRIB_MIG_MSALIST_PUBKEY_BLOB          (0x00000103)
637#define TSS_MIGATTRIB_MIG_AUTHORITY_PUBKEY_BLOB        (0x00000104)
638#define TSS_MIGATTRIB_MIG_DESTINATION_PUBKEY_BLOB      (0x00000105)
639#define TSS_MIGATTRIB_MIG_SOURCE_PUBKEY_BLOB           (0x00000106)
640#define TSS_MIGATTRIB_MIG_REWRAPPED_BLOB               TSS_MIGATTRIB_MIGRATION_REWRAPPED_BLOB
641#define TSS_MIGATTRIB_MIG_XOR_BLOB                     TSS_MIGATTRIB_MIGRATION_XOR_BLOB
642
643//
644// Attribute subflags TSS_MIGATTRIB_MIGRATIONTICKET
645//
646// none
647
648//
649// Attribute subflags TSS_MIGATTRIB_AUTHORITY_DATA
// Subflag range 0x0301..0x0303.
650//
651#define TSS_MIGATTRIB_AUTHORITY_DIGEST                 (0x00000301)
652#define TSS_MIGATTRIB_AUTHORITY_APPROVAL_HMAC          (0x00000302)
653#define TSS_MIGATTRIB_AUTHORITY_MSALIST                (0x00000303)
654
655//
656// Attribute subflags TSS_MIGATTRIB_MIG_AUTH_DATA
// Subflag range 0x0401..0x0403.
657//
658#define TSS_MIGATTRIB_MIG_AUTH_AUTHORITY_DIGEST        (0x00000401)
659#define TSS_MIGATTRIB_MIG_AUTH_DESTINATION_DIGEST      (0x00000402)
660#define TSS_MIGATTRIB_MIG_AUTH_SOURCE_DIGEST           (0x00000403)
661
662//
663// Attribute subflags TSS_MIGATTRIB_TICKET_DATA
// Subflag range 0x0501..0x0504.
664//
665#define TSS_MIGATTRIB_TICKET_SIG_DIGEST                (0x00000501)
666#define TSS_MIGATTRIB_TICKET_SIG_VALUE                 (0x00000502)
667#define TSS_MIGATTRIB_TICKET_SIG_TICKET                (0x00000503)
668#define TSS_MIGATTRIB_TICKET_RESTRICT_TICKET           (0x00000504)
669
670//
671// Attribute subflags TSS_MIGATTRIB_PAYLOAD_TYPE
// Subflag range 0x0601..0x0602.
672//
673#define TSS_MIGATTRIB_PT_MIGRATE_RESTRICTED            (0x00000601)
674#define TSS_MIGATTRIB_PT_MIGRATE_EXTERNAL              (0x00000602)
675
676
677
678
679//***************
680// Hash object: *
681//***************
682
683//
684// Attributes
// Attribute selectors for the Hash object (0x1000 and 0x2000).
685//
686#define TSS_TSPATTRIB_HASH_IDENTIFIER (0x00001000) // Hash algorithm identifier
687#define TSS_TSPATTRIB_ALG_IDENTIFIER  (0x00002000) // ASN.1 alg identifier
688
689
690
691//***************
692// PCRs object: *
693//***************
694
695//
696// Attributes
// Attribute selector for the PCRs object; only one is defined here.
697//
698#define TSS_TSPATTRIB_PCRS_INFO  (0x00000001) // info
699
700//
701// Subflags for TSS_TSPATTRIB_PCRS_INFO flag
// NOTE(review): the comment below names TSS_PCRS_STRUCT_TYPE_XX, but the
// constants defined earlier in this file are spelled TSS_PCRS_STRUCT_*
// (no TYPE_); presumably those are the values meant.
702//
703#define TSS_TSPATTRIB_PCRSINFO_PCRSTRUCT (0x00000001) // type of pcr struct
704                                                      // TSS_PCRS_STRUCT_TYPE_XX
705
706//****************************
707// Delegation Family object: *
708//****************************
709
710//
711// Attributes
// Attribute selectors for the Delegation Family object. The sub-attributes
// of STATE (1..2) and INFO (3..5) share one numbering.
712//
713#define TSS_TSPATTRIB_DELFAMILY_STATE            (0x00000001)
714#define TSS_TSPATTRIB_DELFAMILY_INFO             (0x00000002)
715
716// DELFAMILY_STATE sub-attributes
717#define TSS_TSPATTRIB_DELFAMILYSTATE_LOCKED      (0x00000001)
718#define TSS_TSPATTRIB_DELFAMILYSTATE_ENABLED     (0x00000002)
719
720// DELFAMILY_INFO sub-attributes
721#define TSS_TSPATTRIB_DELFAMILYINFO_LABEL        (0x00000003)
722#define TSS_TSPATTRIB_DELFAMILYINFO_VERCOUNT     (0x00000004)
723#define TSS_TSPATTRIB_DELFAMILYINFO_FAMILYID     (0x00000005)
724
725// Bitmasks for the 'ulFlags' argument to Tspi_TPM_Delegate_CreateDelegation.
726// Only one bit used for now.
727#define TSS_DELEGATE_INCREMENTVERIFICATIONCOUNT               ((UINT32)1)
728
729// Bitmasks for the 'ulFlags' argument to
730// Tspi_TPM_Delegate_CacheOwnerDelegation. Only 1 bit is used for now.
// NOTE(review): by name, setting this bit lets the call replace an existing
// cached owner delegation; leave it clear if that must not happen. Confirm
// the exact behaviour in the TSS spec.
731#define TSS_DELEGATE_CACHEOWNERDELEGATION_OVERWRITEEXISTING   ((UINT32)1)
732
733
734
735//*************************
736// DAA Credential Object: *
737//*************************
738
739//
740// Attribute flags
// Attribute selectors for the DAA credential object, enumerated 1..5.
741//
742#define TSS_TSPATTRIB_DAACRED_COMMIT                   (0x00000001)
743#define TSS_TSPATTRIB_DAACRED_ATTRIB_GAMMAS            (0x00000002)
744#define TSS_TSPATTRIB_DAACRED_CREDENTIAL_BLOB          (0x00000003)
745#define TSS_TSPATTRIB_DAACRED_CALLBACK_SIGN            (0x00000004)
746#define TSS_TSPATTRIB_DAACRED_CALLBACK_VERIFYSIGNATURE (0x00000005)
747
748//
749// Subflags for TSS_TSPATTRIB_DAACRED_COMMIT
750//
751#define TSS_TSPATTRIB_DAACOMMIT_NUMBER              (0x00000001)
752#define TSS_TSPATTRIB_DAACOMMIT_SELECTION           (0x00000002)
753#define TSS_TSPATTRIB_DAACOMMIT_COMMITMENTS         (0x00000003)
754
755//
756// Subflags for TSS_TSPATTRIB_DAACRED_ATTRIB_GAMMAS
// The single subflag is the all-ones value 0xffffffff, not a small index.
757//
758#define TSS_TSPATTRIB_DAAATTRIBGAMMAS_BLOB          (0xffffffff)
759
760
761
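//*************************
// DAA Issuer Key Object: *
//*************************

//
// Attribute flags
//
#define TSS_TSPATTRIB_DAAISSUERKEY_BLOB              (0x00000001)
#define TSS_TSPATTRIB_DAAISSUERKEY_PUBKEY            (0x00000002)

//
// Subflags for TSS_TSPATTRIB_DAAISSUERKEY_BLOB
//
// NOTE(review): going by its name, the SECRET_KEY subflag addresses the
// issuer's private key material. Treat any buffer read or written through
// it as sensitive: keep it out of logs and clear it after use.
#define TSS_TSPATTRIB_DAAISSUERKEYBLOB_PUBLIC_KEY     (0x00000001)
#define TSS_TSPATTRIB_DAAISSUERKEYBLOB_SECRET_KEY     (0x00000002)
#define TSS_TSPATTRIB_DAAISSUERKEYBLOB_KEYBLOB        (0x00000003)
#define TSS_TSPATTRIB_DAAISSUERKEYBLOB_PROOF          (0x00000004)

//
// Subflags for TSS_TSPATTRIB_DAAISSUERKEY_PUBKEY
//
#define TSS_TSPATTRIB_DAAISSUERKEYPUBKEY_NUM_ATTRIBS          (0x00000001)
#define TSS_TSPATTRIB_DAAISSUERKEYPUBKEY_NUM_PLATFORM_ATTRIBS (0x00000002)
#define TSS_TSPATTRIB_DAAISSUERKEYPUBKEY_NUM_ISSUER_ATTRIBS   (0x00000003)

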
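//***************************************
// DAA Anonymity Revocation Key Object: *
//***************************************

//
// Attribute flags
//
#define TSS_TSPATTRIB_DAAARAKEY_BLOB                 (0x00000001)

//
// Subflags for TSS_TSPATTRIB_DAAARAKEY_BLOB
//
// NOTE(review): going by its name, the SECRET_KEY subflag addresses the
// anonymity revocation authority's private key; handle data accessed
// through it as sensitive key material.
#define TSS_TSPATTRIB_DAAARAKEYBLOB_PUBLIC_KEY     (0x00000001)
#define TSS_TSPATTRIB_DAAARAKEYBLOB_SECRET_KEY     (0x00000002)
#define TSS_TSPATTRIB_DAAARAKEYBLOB_KEYBLOB        (0x00000003)



//
// Structure payload flags for TSS_DAA_PSEUDONYM,
// (TSS_DAA_PSEUDONYM.payloadFlag)
//
// PLAIN is zero, so a zero-initialized payloadFlag reads as PLAIN; code that
// expects an encrypted pseudonym should compare against ENCRYPTED
// explicitly rather than testing for non-zero/zero by accident.
#define TSS_FLAG_DAA_PSEUDONYM_PLAIN                 (0x00000000)
#define TSS_FLAG_DAA_PSEUDONYM_ENCRYPTED             (0x00000001)

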
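//**************
// Key Object: *
//**************

//
// Attribute flags
//
// Values step in multiples of 0x40 up to 0x1c0, followed by 0x200 and
// 0x400; several are sums of others (e.g. 0xC0 == 0x40 + 0x80), so they are
// selectors to be compared for equality, not bits to be OR-ed together.
#define TSS_TSPATTRIB_KEY_BLOB       (0x00000040) // key info as blob data
#define TSS_TSPATTRIB_KEY_INFO       (0x00000080) // keyparam info as blob data
#define TSS_TSPATTRIB_KEY_UUID       (0x000000C0) // key UUID info as blob data
#define TSS_TSPATTRIB_KEY_PCR        (0x00000100) // composite digest value for
                                                  // the key
#define TSS_TSPATTRIB_RSAKEY_INFO    (0x00000140) // public key info
#define TSS_TSPATTRIB_KEY_REGISTER   (0x00000180) // register location
#define TSS_TSPATTRIB_KEY_PCR_LONG   (0x000001c0) // PCR_INFO_LONG for the key
#define TSS_TSPATTRIB_KEY_CONTROLBIT (0x00000200) // key control flags
#define TSS_TSPATTRIB_KEY_CMKINFO    (0x00000400) // CMK info

//
// SubFlags for Flag TSS_TSPATTRIB_KEY_BLOB
//
// The PRIVATE_KEY subflag refers to the private key in encrypted form only
// (see its comment); it is still key material and should not be logged or
// exported casually.
#define TSS_TSPATTRIB_KEYBLOB_BLOB        (0x00000008) // key info using the
                                                       // key blob
#define TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY  (0x00000010) // public key info
                                                       // using the blob
#define TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY (0x00000028) // encrypted private key
                                                       // blob
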
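//
// SubFlags for Flag TSS_TSPATTRIB_KEY_INFO
//
// Values step in multiples of 0x80 from 0x080 to 0x780; they are selectors,
// not combinable bits.
#define TSS_TSPATTRIB_KEYINFO_SIZE          (0x00000080) // key size in bits
#define TSS_TSPATTRIB_KEYINFO_USAGE         (0x00000100) // key usage info
#define TSS_TSPATTRIB_KEYINFO_KEYFLAGS      (0x00000180) // key flags
#define TSS_TSPATTRIB_KEYINFO_AUTHUSAGE     (0x00000200) // key auth usage info
#define TSS_TSPATTRIB_KEYINFO_ALGORITHM     (0x00000280) // key algorithm ID
#define TSS_TSPATTRIB_KEYINFO_SIGSCHEME     (0x00000300) // key sig scheme
#define TSS_TSPATTRIB_KEYINFO_ENCSCHEME     (0x00000380) // key enc scheme
#define TSS_TSPATTRIB_KEYINFO_MIGRATABLE    (0x00000400) // if true then key is
                                                         // migratable
#define TSS_TSPATTRIB_KEYINFO_REDIRECTED    (0x00000480) // key is redirected
#define TSS_TSPATTRIB_KEYINFO_VOLATILE      (0x00000500) // if true key is
                                                         // volatile
#define TSS_TSPATTRIB_KEYINFO_AUTHDATAUSAGE (0x00000580) // if true auth is
                                                         // required
#define TSS_TSPATTRIB_KEYINFO_VERSION       (0x00000600) // version info as TSS
                                                         // version struct
#define TSS_TSPATTRIB_KEYINFO_CMK           (0x00000680) // if true then key
                                                         // is certified
                                                         // migratable
#define TSS_TSPATTRIB_KEYINFO_KEYSTRUCT     (0x00000700) // type of key struct
                                                         // used for this key
                                                         // (TPM_KEY or
                                                         // TPM_KEY12)
// NOTE(review): named KEYCONTROL_ but listed with the KEY_INFO subflags;
// presumably it is the subflag for TSS_TSPATTRIB_KEY_CONTROLBIT -- confirm.
#define TSS_TSPATTRIB_KEYCONTROL_OWNEREVICT (0x00000780) // Get current status
                                                         // of owner evict flag
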
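//
// SubFlags for Flag TSS_TSPATTRIB_RSAKEY_INFO
//
#define TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT  (0x00001000)
#define TSS_TSPATTRIB_KEYINFO_RSA_MODULUS   (0x00002000)
#define TSS_TSPATTRIB_KEYINFO_RSA_KEYSIZE   (0x00003000)
#define TSS_TSPATTRIB_KEYINFO_RSA_PRIMES    (0x00004000)

//
// SubFlags for Flag TSS_TSPATTRIB_KEY_PCR
//
#define TSS_TSPATTRIB_KEYPCR_DIGEST_ATCREATION  (0x00008000)
#define TSS_TSPATTRIB_KEYPCR_DIGEST_ATRELEASE   (0x00010000)
#define TSS_TSPATTRIB_KEYPCR_SELECTION          (0x00018000)

//
// SubFlags for TSS_TSPATTRIB_KEY_REGISTER
//
#define TSS_TSPATTRIB_KEYREGISTER_USER    (0x02000000)
#define TSS_TSPATTRIB_KEYREGISTER_SYSTEM  (0x04000000)
#define TSS_TSPATTRIB_KEYREGISTER_NO      (0x06000000)

//
// SubFlags for Flag TSS_TSPATTRIB_KEY_PCR_LONG
//
// The trailing comment on each line gives the kind of value the subflag
// carries (UINT32 or DATA).
#define TSS_TSPATTRIB_KEYPCRLONG_LOCALITY_ATCREATION (0x00040000) /* UINT32 */
#define TSS_TSPATTRIB_KEYPCRLONG_LOCALITY_ATRELEASE  (0x00080000) /* UINT32 */
#define TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION  (0x000C0000) /* DATA */
#define TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION   (0x00100000) /* DATA */
#define TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION   (0x00140000) /* DATA */
#define TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE    (0x00180000) /* DATA */

//
// SubFlags for Flag TSS_TSPATTRIB_KEY_CMKINFO
//
#define TSS_TSPATTRIB_KEYINFO_CMK_MA_APPROVAL  (0x00000010)
#define TSS_TSPATTRIB_KEYINFO_CMK_MA_DIGEST    (0x00000020)

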
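//
// Attribute Values
//

//
// key size definitions
//
// Each constant's value is the key length in bits (0x0200 == 512).
// NOTE(review): 512- and 1024-bit RSA keys are below current
// minimum-strength guidance; new keys should use 2048 bits or more where
// the TPM supports it. The small sizes remain defined for compatibility.
#define TSS_KEY_SIZEVAL_512BIT      (0x0200)
#define TSS_KEY_SIZEVAL_1024BIT     (0x0400)
#define TSS_KEY_SIZEVAL_2048BIT     (0x0800)
#define TSS_KEY_SIZEVAL_4096BIT     (0x1000)
#define TSS_KEY_SIZEVAL_8192BIT     (0x2000)
#define TSS_KEY_SIZEVAL_16384BIT    (0x4000)

//
// key usage definitions
// Values intentionally moved away from corresponding TPM values to avoid
// possible misuse
//
// Consecutive enumerated values (0..6); BIND is zero, so a zero-initialized
// usage field reads as TSS_KEYUSAGE_BIND.
#define TSS_KEYUSAGE_BIND           (0x00)
#define TSS_KEYUSAGE_IDENTITY       (0x01)
#define TSS_KEYUSAGE_LEGACY         (0x02)
#define TSS_KEYUSAGE_SIGN           (0x03)
#define TSS_KEYUSAGE_STORAGE        (0x04)
#define TSS_KEYUSAGE_AUTHCHANGE     (0x05)
#define TSS_KEYUSAGE_MIGRATE        (0x06)

//
// key flag definitions
//
// One bit per flag, so these may be combined with bitwise OR.
#define TSS_KEYFLAG_REDIRECTION          (0x00000001)
#define TSS_KEYFLAG_MIGRATABLE           (0x00000002)
#define TSS_KEYFLAG_VOLATILEKEY          (0x00000004)
#define TSS_KEYFLAG_CERTIFIED_MIGRATABLE (0x00000008)
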
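//
//  algorithm ID definitions
//
//  This table defines the algo id's
//  Values intentionally moved away from corresponding TPM values to avoid
//  possible misuse
//
//  NOTE(review): the table includes single DES, which is obsolete, and
//  3DES, which is deprecated for new designs; prefer the AES identifiers
//  where the TPM and TSS in use support them.
#define   TSS_ALG_RSA               (0x20)
#define   TSS_ALG_DES               (0x21)
#define   TSS_ALG_3DES              (0x22)
#define   TSS_ALG_SHA               (0x23)
#define   TSS_ALG_HMAC              (0x24)
#define   TSS_ALG_AES128            (0x25)
#define   TSS_ALG_AES192            (0x26)
#define   TSS_ALG_AES256            (0x27)
#define   TSS_ALG_XOR               (0x28)
#define   TSS_ALG_MGF1              (0x29)

// Unqualified AES is an alias for the 128-bit variant.
#define   TSS_ALG_AES               TSS_ALG_AES128

// Special values for
//   Tspi_Context_GetCapability(TSS_TSPCAP_ALG)
//   Tspi_Context_GetCapability(TSS_TCSCAP_ALG)
#define   TSS_ALG_DEFAULT           (0xfe)
#define   TSS_ALG_DEFAULT_SIZE      (0xff)


//
// key signature scheme definitions
//
// The named hash for the PKCS#1 v1.5 scheme is SHA-1, which is no longer
// collision resistant; take that into account when deciding what a
// signature made under TSS_SS_RSASSAPKCS1V15_SHA1 is trusted for.
#define TSS_SS_NONE                 (0x10)
#define TSS_SS_RSASSAPKCS1V15_SHA1  (0x11)
#define TSS_SS_RSASSAPKCS1V15_DER   (0x12)
#define TSS_SS_RSASSAPKCS1V15_INFO  (0x13)

//
// key encryption scheme definitions
//
// Same numeric range as the signature schemes above (TSS_ES_NONE and
// TSS_SS_NONE are both 0x10); the two sets are separate namespaces.
// NOTE(review): PKCS#1 v1.5 encryption padding (TSS_ES_RSAESPKCSV15) is
// susceptible to padding-oracle attacks when decryption failures are
// observable; prefer TSS_ES_RSAESOAEP_SHA1_MGF1 for new uses.
#define TSS_ES_NONE                 (0x10)
#define TSS_ES_RSAESPKCSV15         (0x11)
#define TSS_ES_RSAESOAEP_SHA1_MGF1  (0x12)
#define TSS_ES_SYM_CNT              (0x13)
#define TSS_ES_SYM_OFB              (0x14)
#define TSS_ES_SYM_CBC_PKCS5PAD     (0x15)

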
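//
// persistent storage registration definitions
//
#define TSS_PS_TYPE_USER   (1) // Key is registered persistently in the user
                               // storage database.
#define TSS_PS_TYPE_SYSTEM (2) // Key is registered persistently in the system
                               // storage database.

//
// migration scheme definitions
// Values intentionally moved away from corresponding TPM values to avoid
// possible misuse
//
#define TSS_MS_MIGRATE                   (0x20)
#define TSS_MS_REWRAP                    (0x21)
#define TSS_MS_MAINT                     (0x22)
#define TSS_MS_RESTRICT_MIGRATE          (0x23)
#define TSS_MS_RESTRICT_APPROVE_DOUBLE   (0x24)
#define TSS_MS_RESTRICT_MIGRATE_EXTERNAL (0x25)

//
// TPM key authorization
// Values intentionally moved away from corresponding TPM values to avoid
// possible misuse
//
// NOTE(review): going by the name, TSS_KEYAUTH_AUTH_NEVER describes a key
// that can be used without presenting authorization; choosing it should be
// a deliberate decision, not a default.
#define TSS_KEYAUTH_AUTH_NEVER         (0x10)
#define TSS_KEYAUTH_AUTH_ALWAYS        (0x11)
#define TSS_KEYAUTH_AUTH_PRIV_USE_ONLY (0x12)

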
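//
// Flags for TPM status information (GetStatus and SetStatus)
//
// The values are consecutive integers rather than single bits, so they
// select exactly one status item and cannot be combined with bitwise OR.
// 0x15 is not assigned in this list. The trailing comments record whether
// the underlying TPM flag is persistent or volatile.
#define TSS_TPMSTATUS_DISABLEOWNERCLEAR      (0x00000001) // persistent flag
#define TSS_TPMSTATUS_DISABLEFORCECLEAR      (0x00000002) // volatile flag
#define TSS_TPMSTATUS_DISABLED               (0x00000003) // persistent flag
#define TSS_TPMSTATUS_DEACTIVATED            (0x00000004) // volatile flag
#define TSS_TPMSTATUS_OWNERSETDISABLE        (0x00000005) // persistent flag
                                                          // for SetStatus
                                                          // (disable flag)
#define TSS_TPMSTATUS_SETOWNERINSTALL        (0x00000006) // persistent flag
                                                          // (ownership flag)
#define TSS_TPMSTATUS_DISABLEPUBEKREAD       (0x00000007) // persistent flag
#define TSS_TPMSTATUS_ALLOWMAINTENANCE       (0x00000008) // persistent flag
#define TSS_TPMSTATUS_PHYSPRES_LIFETIMELOCK  (0x00000009) // persistent flag
#define TSS_TPMSTATUS_PHYSPRES_HWENABLE      (0x0000000A) // persistent flag
#define TSS_TPMSTATUS_PHYSPRES_CMDENABLE     (0x0000000B) // persistent flag
#define TSS_TPMSTATUS_PHYSPRES_LOCK          (0x0000000C) // volatile flag
#define TSS_TPMSTATUS_PHYSPRESENCE           (0x0000000D) // volatile flag
#define TSS_TPMSTATUS_PHYSICALDISABLE        (0x0000000E) // persistent flag
                                                          // (SetStatus
                                                          //  disable flag)
#define TSS_TPMSTATUS_CEKP_USED              (0x0000000F) // persistent flag
#define TSS_TPMSTATUS_PHYSICALSETDEACTIVATED (0x00000010) // persistent flag
                                                          // (deactivated flag)
#define TSS_TPMSTATUS_SETTEMPDEACTIVATED     (0x00000011) // volatile flag
                                                          // (deactivated flag)
#define TSS_TPMSTATUS_POSTINITIALISE         (0x00000012) // volatile flag
#define TSS_TPMSTATUS_TPMPOST                (0x00000013) // persistent flag
#define TSS_TPMSTATUS_TPMPOSTLOCK            (0x00000014) // persistent flag
#define TSS_TPMSTATUS_DISABLEPUBSRKREAD      (0x00000016) // persistent flag
#define TSS_TPMSTATUS_MAINTENANCEUSED        (0x00000017) // persistent flag
#define TSS_TPMSTATUS_OPERATORINSTALLED      (0x00000018) // persistent flag
// Alternate spelling of TSS_TPMSTATUS_OPERATORINSTALLED.
#define TSS_TPMSTATUS_OPERATOR_INSTALLED     (TSS_TPMSTATUS_OPERATORINSTALLED)
#define TSS_TPMSTATUS_FIPS                   (0x00000019) // persistent flag
#define TSS_TPMSTATUS_ENABLEREVOKEEK         (0x0000001A) // persistent flag
// Alternate spelling of TSS_TPMSTATUS_ENABLEREVOKEEK.
#define TSS_TPMSTATUS_ENABLE_REVOKEEK        (TSS_TPMSTATUS_ENABLEREVOKEEK)
#define TSS_TPMSTATUS_NV_LOCK                (0x0000001B) // persistent flag
#define TSS_TPMSTATUS_TPM_ESTABLISHED        (0x0000001C) // persistent flag
#define TSS_TPMSTATUS_RESETLOCK              (0x0000001D) // volatile flag
// NOTE(review): same numeric value as TSS_TPMSTATUS_RESETLOCK above, so a
// GetStatus/SetStatus implementation cannot tell the two requests apart by
// flag value alone. The value is part of the published interface and is
// left unchanged; verify which status item the TSS in use actually maps
// 0x1D to before relying on either name in a security decision.
#define TSS_TPMSTATUS_DISABLE_FULL_DA_LOGIC_INFO (0x0000001D) //persistent flag

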
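//
// Capability flag definitions
//
// TPM capabilities
//
// Consecutive selector values (0x10..0x1f), not a bit mask.
#define TSS_TPMCAP_ORD                   (0x10)
#define TSS_TPMCAP_ALG                   (0x11)
#define TSS_TPMCAP_FLAG                  (0x12)
#define TSS_TPMCAP_PROPERTY              (0x13)
#define TSS_TPMCAP_VERSION               (0x14)
#define TSS_TPMCAP_VERSION_VAL           (0x15)
#define TSS_TPMCAP_NV_LIST               (0x16)
#define TSS_TPMCAP_NV_INDEX              (0x17)
#define TSS_TPMCAP_MFR                   (0x18)
#define TSS_TPMCAP_SYM_MODE              (0x19)
#define TSS_TPMCAP_HANDLE                (0x1a)
#define TSS_TPMCAP_TRANS_ES              (0x1b)
#define TSS_TPMCAP_AUTH_ENCRYPT          (0x1c)
#define TSS_TPMCAP_SET_PERM_FLAGS        (0x1d)  // cf. TPM_SET_PERM_FLAGS
#define TSS_TPMCAP_SET_VENDOR            (0x1e)  // cf. TPM_SET_VENDOR
#define TSS_TPMCAP_DA_LOGIC              (0x1f)

//
// Sub-Capability Flags for TSS_TPMCAP_PROPERTY
//
// Enumerated values; 0x17, 0x30 and 0x31 are not assigned in this list.
#define TSS_TPMCAP_PROP_PCR                 (0x10)
#define TSS_TPMCAP_PROP_DIR                 (0x11)
#define TSS_TPMCAP_PROP_MANUFACTURER        (0x12)
#define TSS_TPMCAP_PROP_SLOTS               (0x13)
// Alias: KEYS and SLOTS select the same property.
#define TSS_TPMCAP_PROP_KEYS                TSS_TPMCAP_PROP_SLOTS
#define TSS_TPMCAP_PROP_FAMILYROWS          (0x14)
#define TSS_TPMCAP_PROP_DELEGATEROWS        (0x15)
#define TSS_TPMCAP_PROP_OWNER               (0x16)
#define TSS_TPMCAP_PROP_MAXKEYS             (0x18)
#define TSS_TPMCAP_PROP_AUTHSESSIONS        (0x19)
#define TSS_TPMCAP_PROP_MAXAUTHSESSIONS     (0x1a)
#define TSS_TPMCAP_PROP_TRANSESSIONS        (0x1b)
#define TSS_TPMCAP_PROP_MAXTRANSESSIONS     (0x1c)
#define TSS_TPMCAP_PROP_SESSIONS            (0x1d)
#define TSS_TPMCAP_PROP_MAXSESSIONS         (0x1e)
#define TSS_TPMCAP_PROP_CONTEXTS            (0x1f)
#define TSS_TPMCAP_PROP_MAXCONTEXTS         (0x20)
#define TSS_TPMCAP_PROP_DAASESSIONS         (0x21)
#define TSS_TPMCAP_PROP_MAXDAASESSIONS      (0x22)
#define TSS_TPMCAP_PROP_DAA_INTERRUPT       (0x23)
#define TSS_TPMCAP_PROP_COUNTERS            (0x24)
#define TSS_TPMCAP_PROP_MAXCOUNTERS         (0x25)
#define TSS_TPMCAP_PROP_ACTIVECOUNTER       (0x26)
#define TSS_TPMCAP_PROP_MIN_COUNTER         (0x27)
#define TSS_TPMCAP_PROP_TISTIMEOUTS         (0x28)
#define TSS_TPMCAP_PROP_STARTUPEFFECTS      (0x29)
#define TSS_TPMCAP_PROP_MAXCONTEXTCOUNTDIST (0x2a)
#define TSS_TPMCAP_PROP_CMKRESTRICTION      (0x2b)
#define TSS_TPMCAP_PROP_DURATION            (0x2c)
#define TSS_TPMCAP_PROP_MAXNVAVAILABLE      (0x2d)
#define TSS_TPMCAP_PROP_INPUTBUFFERSIZE     (0x2e)
#define TSS_TPMCAP_PROP_REVISION            (0x2f)
#define TSS_TPMCAP_PROP_LOCALITIES_AVAIL    (0x32)

//
// Resource type flags
// Sub-Capability Flags for TSS_TPMCAP_HANDLE
//
// UINT32 is not defined in this header; presumably it comes from
// <tss/platform.h>.
#define TSS_RT_KEY                     ((UINT32)0x00000010)
#define TSS_RT_AUTH                    ((UINT32)0x00000020)
#define TSS_RT_TRANS                   ((UINT32)0x00000030)
#define TSS_RT_COUNTER                 ((UINT32)0x00000040)

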
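//
// TSS Core Service Capabilities
//
#define TSS_TCSCAP_ALG                   (0x00000001)
#define TSS_TCSCAP_VERSION               (0x00000002)
#define TSS_TCSCAP_CACHING               (0x00000003)
#define TSS_TCSCAP_PERSSTORAGE           (0x00000004)
#define TSS_TCSCAP_MANUFACTURER          (0x00000005)
#define TSS_TCSCAP_PLATFORM_CLASS        (0x00000006)
#define TSS_TCSCAP_TRANSPORT             (0x00000007)
#define TSS_TCSCAP_PLATFORM_INFO         (0x00000008)

//
// Sub-Capability Flags TSS-CoreService-Capabilities
//
#define TSS_TCSCAP_PROP_KEYCACHE         (0x00000100)
#define TSS_TCSCAP_PROP_AUTHCACHE        (0x00000101)
#define TSS_TCSCAP_PROP_MANUFACTURER_STR (0x00000102)
#define TSS_TCSCAP_PROP_MANUFACTURER_ID  (0x00000103)
#define TSS_TCSCAP_PLATFORM_VERSION      (0x00001100)
#define TSS_TCSCAP_PLATFORM_TYPE         (0x00001101)
#define TSS_TCSCAP_TRANS_EXCLUSIVE       (0x00002100)
#define TSS_TCSCAP_PROP_HOST_PLATFORM    (0x00003001)
#define TSS_TCSCAP_PROP_ALL_PLATFORMS    (0x00003002)

//
// TSS Service Provider Capabilities
//
// 0x14 is not assigned in this list.
#define TSS_TSPCAP_ALG                   (0x00000010)
#define TSS_TSPCAP_VERSION               (0x00000011)
#define TSS_TSPCAP_PERSSTORAGE           (0x00000012)
#define TSS_TSPCAP_MANUFACTURER          (0x00000013)
#define TSS_TSPCAP_RETURNVALUE_INFO      (0x00000015)
#define TSS_TSPCAP_PLATFORM_INFO         (0x00000016)

// Sub-Capability Flags for TSS_TSPCAP_MANUFACTURER
//
#define TSS_TSPCAP_PROP_MANUFACTURER_STR (0x00000102)
#define TSS_TSPCAP_PROP_MANUFACTURER_ID  (0x00000103)

// Sub-Capability Flags for TSS_TSPCAP_PLATFORM_INFO
//
#define TSS_TSPCAP_PLATFORM_TYPE         (0x00000201)
#define TSS_TSPCAP_PLATFORM_VERSION      (0x00000202)



// Sub-Capability Flags for TSS_TSPCAP_RETURNVALUE_INFO
//
// Shares the value 0x201 with TSS_TSPCAP_PLATFORM_TYPE; a sub-capability
// value is only meaningful together with its parent capability.
#define TSS_TSPCAP_PROP_RETURNVALUE_INFO (0x00000201)
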
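//
// Event type definitions
//
// Consecutive enumerated values (1..7).
#define TSS_EV_CODE_CERT                 (0x00000001)
#define TSS_EV_CODE_NOCERT               (0x00000002)
#define TSS_EV_XML_CONFIG                (0x00000003)
#define TSS_EV_NO_ACTION                 (0x00000004)
#define TSS_EV_SEPARATOR                 (0x00000005)
#define TSS_EV_ACTION                    (0x00000006)
#define TSS_EV_PLATFORM_SPECIFIC         (0x00000007)


//
// TSP random number limits
//
// 0x1000 == 4096; presumably an upper bound on a single random-number
// request -- the unit is not stated in this header.
#define TSS_TSPCAP_RANDOMLIMIT     (0x00001000)   // Errata: Missing from spec
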
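//
// UUIDs
//
// Errata: These are not in the spec
//
// Brace initializers for a UUID structure (five scalar fields followed by
// a six-element array). Only the last array element differs between the
// fixed key UUIDs; the numbering is not in listing order (CRK is 8, USK5
// is 9, USK6 is 10).
#define TSS_UUID_SRK  {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 1}} // Storage root key
#define TSS_UUID_SK   {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 2}} // System key
#define TSS_UUID_RK   {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 3}} // roaming key
#define TSS_UUID_CRK  {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 8}} // CMK roaming key
#define TSS_UUID_USK1 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 4}} // user storage key 1
#define TSS_UUID_USK2 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 5}} // user storage key 2
#define TSS_UUID_USK3 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 6}} // user storage key 3
#define TSS_UUID_USK4 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 7}} // user storage key 4
#define TSS_UUID_USK5 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 9}} // user storage key 5
#define TSS_UUID_USK6 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 10}}// user storage key 6

// macro to derive UUIDs for keys whose "OwnerEvict" flag is set.
// The fifth array element is fixed to 1 and the sixth is (i), which keeps
// these UUIDs apart from the fixed ones above. (i) is stored in a single
// array element, so callers should pass a value that fits that element's
// type.
#define TSS_UUID_OWNEREVICT(i) {0, 0, 0, 0, 0, {0, 0, 0, 0, 1, (i)}}


//
// TPM well-known secret
//
// 20 bytes, all zero. This value is public by definition: an object whose
// authorization data is set to it is not protected by any secret, and
// anyone able to reach the TPM can authorize against it. Use it only where
// "no secret" is the intended policy, and never treat it as a credential.
#define TSS_WELL_KNOWN_SECRET \
        {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}


// Values for the "direction" parameters in the Tspi_PcrComposite_XX functions.
#define TSS_PCRS_DIRECTION_CREATION                        ((UINT32)1)
#define TSS_PCRS_DIRECTION_RELEASE                         ((UINT32)2)

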
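//
// TSS blob version definition for ASN.1 blobs
//
#define TSS_BLOB_STRUCT_VERSION                              0x01

//
// TSS blob type definitions for ASN.1 blobs
//
// Consecutive type tags (0x01..0x0E). A consumer of such a blob should
// check the tag against the type it expects before interpreting the
// payload, since the tag is the only thing in this list that tells key,
// sealed-data and private-key blobs apart.
#define TSS_BLOB_TYPE_KEY                                    0x01
#define TSS_BLOB_TYPE_PUBKEY                                 0x02
#define TSS_BLOB_TYPE_MIGKEY                                 0x03
#define TSS_BLOB_TYPE_SEALEDDATA                             0x04
#define TSS_BLOB_TYPE_BOUNDDATA                              0x05
#define TSS_BLOB_TYPE_MIGTICKET                              0x06
#define TSS_BLOB_TYPE_PRIVATEKEY                             0x07
#define TSS_BLOB_TYPE_PRIVATEKEY_MOD1                        0x08
#define TSS_BLOB_TYPE_RANDOM_XOR                             0x09
#define TSS_BLOB_TYPE_CERTIFY_INFO                           0x0A
#define TSS_BLOB_TYPE_KEY_1_2                                0x0B
#define TSS_BLOB_TYPE_CERTIFY_INFO_2                         0x0C
#define TSS_BLOB_TYPE_CMK_MIG_KEY                            0x0D
#define TSS_BLOB_TYPE_CMK_BYTE_STREAM                        0x0E



//
// Values for TPM_CMK_DELEGATE bitmasks
// For now these are exactly the same values as the corresponding
// TPM_CMK_DELEGATE_* bitmasks.
//
// One bit each, from bit 31 down to bit 27, so they may be OR-ed. The
// shift is applied to a UINT32 operand; UINT32 is not defined in this
// header (presumably an unsigned 32-bit type from <tss/platform.h>).
#define TSS_CMK_DELEGATE_SIGNING       (((UINT32)1)<<31)
#define TSS_CMK_DELEGATE_STORAGE       (((UINT32)1)<<30)
#define TSS_CMK_DELEGATE_BIND          (((UINT32)1)<<29)
#define TSS_CMK_DELEGATE_LEGACY        (((UINT32)1)<<28)
#define TSS_CMK_DELEGATE_MIGRATE       (((UINT32)1)<<27)

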
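//
// Constants for DAA
//
// All lengths are in bytes; the bit length in each comment is the byte
// count times 8.
#define TSS_DAA_LENGTH_N                256             // Length of the RSA Modulus (2048 bits)
#define TSS_DAA_LENGTH_F                13              // Length of the f_i's (information encoded into the certificate, 104 bits)
// 46 bytes is 368 bits; the figure in this comment previously read 386.
#define TSS_DAA_LENGTH_E                46              // Length of the e's (exponents, part of certificate, 368 bits)
#define TSS_DAA_LENGTH_E_PRIME          15              // Length of the interval the e's are chosen from (120 bits)
#define TSS_DAA_LENGTH_V                317             // Length of the v's (random value, part of certificate, 2536 bits)
#define TSS_DAA_LENGTH_SAFETY           10              // Length of the security parameter controlling the statistical zero-knowledge property (80 bits)
// TPM_SHA1_160_HASH_LEN is not defined in this header; presumably it comes
// from <tss/tpm.h>.
#define TSS_DAA_LENGTH_HASH     TPM_SHA1_160_HASH_LEN   // Length of the output of the hash function SHA-1 used for the Fiat-Shamir heuristic(160 bits)
#define TSS_DAA_LENGTH_S                128             // Length of the split large exponent for easier computations on the TPM (1024 bits)
#define TSS_DAA_LENGTH_GAMMA            204             // Length of the modulus 'Gamma' (1632 bits)
#define TSS_DAA_LENGTH_RHO              26              // Length of the order 'rho' of the sub group of Z*_Gamma that is used for rogue tagging (208 bits)
// NOTE(review): the identifier spells "MFG1" where MGF1 is presumably
// meant (compare TSS_DAA_LENGTH_MGF1_AR below); the name is kept because it
// is part of the public interface.
#define TSS_DAA_LENGTH_MFG1_GAMMA       214             // Length of the output of MGF1 in conjunction with the modulus Gamma (1712 bits)
#define TSS_DAA_LENGTH_MGF1_AR          25              // Length of the output of MGF1 used for anonymity revocation (200 bits)

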
1288#endif // __TSS_DEFINES_H__