libhwsec/structures/signature_sealed_data.fbs - third_party/platform2 - Git at Google

 // Copyright 2021 The Chromium Authors
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 // Our Python generator removes the "_serialized_" namespace when generating
 // the code, to avoid symbol clash with the code generated by flatc.
 namespace hwsec._serialized_;

 // Data for the TPM 2.0 policy digest.
 table Tpm2PolicyDigest {
   // TPM policy digest for the TPM2_PolicyPCR command.
   digest:[ubyte] (id: 0);
 }

 // Data for the TPM 2.0 method based on the "TPM2_PolicySigned" feature.
 table Tpm2PolicySignedData {
   // DER-encoded blob of the X.509 Subject Public Key Info of the key that
   // should be used for unsealing.
   public_key_spki_der:[ubyte] (id: 0);

   // The secret blob, wrapped by the TPM's Storage Root Key.
   srk_wrapped_secret:[ubyte] (id: 1);

   // The signature scheme (TPM_ALG_ID) that should be used for unsealing.
   scheme:int = null (id: 2);

   // The signature hash algorithm (TPM_ALG_ID) that should be used for
   // unsealing.
   hash_alg:int = null (id: 3);

   // Multiple alternative sets of PCR digests that are applied to the
   // wrapped secret. For unsealing, it's enough to satisfy only one of those
   // restrictions.
   // Note that the order of items here is important: it defines the order of
   // arguments when building the TPM policy digest.
   pcr_policy_digests:[Tpm2PolicyDigest] (id: 4);
 }

 // Index and value of a TPM Platform Configuration Register (PCR).
 table Tpm12PcrValue {
   pcr_index:uint = null (id: 0);
   pcr_value:[ubyte] (id: 1);
 }

 // TPM 1.2 data that is bound to the specific set of PCRs.
 table Tpm12PcrBoundItem {
   // Set of PCRs to which the secret blob is bound.
   pcr_values:[Tpm12PcrValue] (id: 0);

   // The secret blob, which is bound to the PCR values specified by
   // |pcr_values| and with the AuthData value that is stored encrypted in
   // |cmk_wrapped_auth_data|.
   bound_secret:[ubyte] (id: 1);
 }

 // Data for the TPM 1.2 method based on the "Certified Migratable Key"
 // functionality.
 table Tpm12CertifiedMigratableKeyData {
   // DER-encoded blob of the X.509 Subject Public Key Info of the key that
   // should be used for unsealing.
   public_key_spki_der:[ubyte] (id: 0);

   // The blob of the Certified Migratable Key wrapped by the TPM's Storage
   // Root Key.
   srk_wrapped_cmk:[ubyte] (id: 1);

   // The TPM_PUBKEY blob of the Certified Migratable Key.
   cmk_pubkey:[ubyte] (id: 2);

   // The AuthData blob encrypted by the CMK using the RSAES-OAEP MGF1
   // algorithm.
   cmk_wrapped_auth_data:[ubyte] (id: 3);

   // Multiple alternative representations of the secret data, where each
   // representation is bound to its specific set of PCRs and to the AuthData
   // value that is stored encrypted in |cmk_wrapped_auth_data|.
   pcr_bound_items:[Tpm12PcrBoundItem] (id: 4);
 }

 union SignatureSealedData {
   Tpm2PolicySignedData,
   Tpm12CertifiedMigratableKeyData
 }
	// Copyright 2021 The Chromium Authors
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	// Our Python generator removes the "_serialized_" namespace when generating
	// the code, to avoid symbol clash with the code generated by flatc.
	namespace hwsec._serialized_;

	// Data for the TPM 2.0 policy digest.
	table Tpm2PolicyDigest {
	// TPM policy digest for the TPM2_PolicyPCR command.
	digest:[ubyte] (id: 0);
	}

	// Data for the TPM 2.0 method based on the "TPM2_PolicySigned" feature.
	table Tpm2PolicySignedData {
	// DER-encoded blob of the X.509 Subject Public Key Info of the key that
	// should be used for unsealing.
	public_key_spki_der:[ubyte] (id: 0);

	// The secret blob, wrapped by the TPM's Storage Root Key.
	srk_wrapped_secret:[ubyte] (id: 1);

	// The signature scheme (TPM_ALG_ID) that should be used for unsealing.
	scheme:int = null (id: 2);

	// The signature hash algorithm (TPM_ALG_ID) that should be used for
	// unsealing.
	hash_alg:int = null (id: 3);

	// Multiple alternative sets of PCR digests that are applied to the
	// wrapped secret. For unsealing, it's enough to satisfy only one of those
	// restrictions.
	// Note that the order of items here is important: it defines the order of
	// arguments when building the TPM policy digest.
	pcr_policy_digests:[Tpm2PolicyDigest] (id: 4);
	}

	// Index and value of a TPM Platform Configuration Register (PCR).
	table Tpm12PcrValue {
	pcr_index:uint = null (id: 0);
	pcr_value:[ubyte] (id: 1);
	}

	// TPM 1.2 data that is bound to the specific set of PCRs.
	table Tpm12PcrBoundItem {
	// Set of PCRs to which the secret blob is bound.
	pcr_values:[Tpm12PcrValue] (id: 0);

	// The secret blob, which is bound to the PCR values specified by
	// \|pcr_values\| and with the AuthData value that is stored encrypted in
	// \|cmk_wrapped_auth_data\|.
	bound_secret:[ubyte] (id: 1);
	}

	// Data for the TPM 1.2 method based on the "Certified Migratable Key"
	// functionality.
	table Tpm12CertifiedMigratableKeyData {
	// DER-encoded blob of the X.509 Subject Public Key Info of the key that
	// should be used for unsealing.
	public_key_spki_der:[ubyte] (id: 0);

	// The blob of the Certified Migratable Key wrapped by the TPM's Storage
	// Root Key.
	srk_wrapped_cmk:[ubyte] (id: 1);

	// The TPM_PUBKEY blob of the Certified Migratable Key.
	cmk_pubkey:[ubyte] (id: 2);

	// The AuthData blob encrypted by the CMK using the RSAES-OAEP MGF1
	// algorithm.
	cmk_wrapped_auth_data:[ubyte] (id: 3);

	// Multiple alternative representations of the secret data, where each
	// representation is bound to its specific set of PCRs and to the AuthData
	// value that is stored encrypted in \|cmk_wrapped_auth_data\|.
	pcr_bound_items:[Tpm12PcrBoundItem] (id: 4);
	}

	union SignatureSealedData {
	Tpm2PolicySignedData,
	Tpm12CertifiedMigratableKeyData
	}