ModCertMsg format

This section defines the wire format for M_ModCertMsg and its descendant types.

In a key attestation bundle as described in Key attestation bundle construction, the following fields will use this format:

  • modstatemsg

  • kcmsg

M_ModCertMsg

This represents a structure with the following fields:

| Field | Size | Format |
|-------|------|--------|
| type | 4 bytes | Little-endian unsigned integer. See M_ModCertType |
| data | variable | Depends on field type. See below. |

M_ModCertMsg.data representations

This depends on the value of the type field, as follows:

| Name of type | Value of type | Format of data |
|--------------|---------------|----------------|
| ModCertType_KeyGen | 2 | M_ModCertType_KeyGen_ModCertData |
| ModCertType_StateCert | 4 | M_ModCertType_StateCert_ModCertData |

Any supported values of type not present in the table correspond to an empty (zero-length) data field.

M_DSAGenerationHash

This represents a structure with the following fields:

| Field | Size | Format |
|-------|------|--------|
| hash | 4 bytes | Little-endian unsigned integer. See M_Mech |

M_KeyGenParams

This represents a structure with the following fields:

| Field | Size | Format |
|-------|------|--------|
| type | 4 bytes | Little-endian unsigned integer. See M_KeyType |
| params | variable | Depends on field type. See below. |

M_KeyGenParams.params representations

This depends on the value of the type field, as follows:

| Name of type | Value of type | Format of params |
|--------------|---------------|------------------|
| KeyType_RSAPrivate | 2 | M_KeyType_RSAPrivate_GenParams |
| KeyType_DSAPrivate | 19 | M_KeyType_DSAPrivate_GenParams |
| KeyType_KCDSAPrivate | 40 | M_KeyType_KCDSAPrivate_GenParams |
| KeyType_ECPrivate | 45 | M_KeyType_ECPrivate_GenParams |
| KeyType_ECDSAPrivate | 47 | M_KeyType_ECPrivate_GenParams |

Any supported values of type not present in the table correspond to an empty (zero-length) params field.

M_KeyHashAttrib

This represents a structure with the following fields:

| Field | Size | Format |
|-------|------|--------|
| hk | variable | See M_Hash |
| mech_i | 4 bytes | Little-endian unsigned integer. See M_Mech |
| mech_c | 4 bytes | Little-endian unsigned integer. See M_Mech |

M_vec_KeyHashAttrib

This represents an array of M_KeyHashAttrib objects.

M_KeyType_DSAPrivate_GenParams

This represents a structure with the following fields:

| Field | Size | Format |
|-------|------|--------|
| flags | 4 bytes | Little-endian unsigned integer. See M_KeyType_DSAPrivate_GenParams_flags |
| lenbits | 4 bytes | Little-endian unsigned integer. See M_Word |
| dlg | variable | Empty, or M_DSADiscreteLogGroup if dlg_present (0x00000001) is set in flags |
| qhash | variable | Empty, or M_DSAGenerationHash if qhash_present (0x00000004) is set in flags |

M_KeyType_DSAPrivate_GenParams_flags

A bitmap type, represented as a 4-byte little-endian unsigned integer. Individual bit values are:

| Value | Name |
|-------|------|
| 0x00000001 | dlg_present |
| 0x00000002 | Strict |
| 0x00000004 | qhash_present |

M_KeyType_ECPrivate_GenParams

This represents a structure with the following fields:

| Field | Size | Format |
|-------|------|--------|
| curve | variable | See M_EllipticCurve |

M_KeyType_KCDSAPrivate_GenParams

This represents a structure with the following fields:

| Field | Size | Format |
|-------|------|--------|
| flags | 4 bytes | Little-endian unsigned integer. See M_KeyType_KCDSAPrivate_GenParams_flags |
| plen | 4 bytes | Little-endian unsigned integer. See M_Word |
| qlen | 4 bytes | Little-endian unsigned integer. See M_Word |
| dlg | variable | Empty, or M_DSADiscreteLogGroup if dlg_present (0x00000001) is set in flags |

M_KeyType_KCDSAPrivate_GenParams_flags

A bitmap type, represented as a 4-byte little-endian unsigned integer. Individual bit values are:

| Value | Name |
|-------|------|
| 0x00000001 | dlg_present |

M_KeyType_RSAPrivate_GenParams

This represents a structure with the following fields:

| Field | Size | Format |
|-------|------|--------|
| flags | 4 bytes | Little-endian unsigned integer. See M_KeyType_RSAPrivate_GenParams_flags |
| lenbits | 4 bytes | Little-endian unsigned integer. See M_Word |
| given_e | variable | Empty, or M_Bignum if given_e_present (0x00000001) is set in flags |
| nchecks | variable | Empty, or M_Word if nchecks_present (0x00000002) is set in flags |

M_KeyType_RSAPrivate_GenParams_flags

A bitmap type, represented as a 4-byte little-endian unsigned integer. Individual bit values are:

| Value | Name |
|-------|------|
| 0x00000001 | given_e_present |
| 0x00000002 | nchecks_present |
| 0x00000004 | UseStrongPrimes |
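
The flag-dependent layout of M_KeyGenParams and its RSA, DSA and KCDSA parameter structures, as an added example that is not part of the original documentation or of the vendor's code: a bounds-checked Python parser for untrusted attestation input. It assumes M_Word is the 4-byte little-endian integer the tables show, treats flag bits the tables do not define as an error (a policy choice of this example), and refuses messages carrying fields whose types (M_Bignum, M_DSADiscreteLogGroup, M_EllipticCurve) are not defined on this page; `Reader`, `read_flags`, `parse_keygenparams` and `SAMPLE` are hypothetical names.

```python
import struct
# Type and flag values copied from the tables above.
RSA, DSA, KCDSA = 2, 19, 40
RSA_FLAGS = {0x1: "given_e_present", 0x2: "nchecks_present", 0x4: "UseStrongPrimes"}
DSA_FLAGS = {0x1: "dlg_present", 0x2: "Strict", 0x4: "qhash_present"}
KCDSA_FLAGS = {0x1: "dlg_present"}
# Constructed sample: RSA, nchecks_present|UseStrongPrimes, lenbits=2048, nchecks=5.
SAMPLE = struct.pack("<IIII", RSA, 0x6, 2048, 5)

class Reader:
    """Bounds-checked cursor over an untrusted byte string."""
    def __init__(self, buf):
        self.buf, self.pos = buf, 0
    def u32(self, field):
        if len(self.buf) - self.pos < 4:
            raise ValueError(f"truncated input while reading {field}")
        (value,) = struct.unpack_from("<I", self.buf, self.pos)
        self.pos += 4
        return value

def read_flags(r, names, undecodable):
    """Read a flags word; return (raw value, sorted names of the bits set)."""
    flags = r.u32("flags")
    if flags & ~sum(names):  # policy of this example: undefined bits are an error
        raise ValueError(f"undefined flag bits in 0x{flags:08x}")
    if flags & undecodable:  # field whose type is not defined on this page
        raise ValueError("optional field present but its format is not covered")
    return flags, sorted(n for bit, n in names.items() if flags & bit)

def parse_keygenparams(buf):
    """Parse M_KeyGenParams; return (decoded dict, number of bytes consumed)."""
    r = Reader(buf)
    out = {"type": r.u32("type")}
    if out["type"] == RSA:
        flags, out["flags"] = read_flags(r, RSA_FLAGS, undecodable=0x1)  # given_e: M_Bignum
        out["lenbits"] = r.u32("lenbits")
        if flags & 0x2:  # nchecks is an M_Word, assumed 4-byte little-endian
            out["nchecks"] = r.u32("nchecks")
    elif out["type"] == DSA:
        flags, out["flags"] = read_flags(r, DSA_FLAGS, undecodable=0x1)  # dlg
        out["lenbits"] = r.u32("lenbits")
        if flags & 0x4:  # qhash is an M_DSAGenerationHash: one 4-byte M_Mech
            out["qhash"] = r.u32("qhash.hash")
    elif out["type"] == KCDSA:
        flags, out["flags"] = read_flags(r, KCDSA_FLAGS, undecodable=0x1)  # dlg
        out["plen"], out["qlen"] = r.u32("plen"), r.u32("qlen")
    else:  # EC types need M_EllipticCurve, which this page does not define
        raise ValueError(f"key type {out['type']} not handled by this example")
    return out, r.pos
```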

M_ModCertType

An enumeration type, represented as a 4-byte little-endian unsigned integer. Possible values include:

| Value | Name |
|-------|------|
| 2 | ModCertType_KeyGen |
| 4 | ModCertType_StateCert |

M_ModCertType_KeyGen_ModCertData

This represents a structure with the following fields:

| Field | Size | Format |
|-------|------|--------|
| flags | 4 bytes | Little-endian unsigned integer. See M_ModCertType_KeyGen_ModCertData_flags |
| genparams | variable | See M_KeyGenParams |
| acl | variable | See M_ACL |
| hka | variable | See M_Hash |
| hkaex | variable | Empty, or M_KeyHashEx if hkaex_present (0x00000002) is set in flags |

M_ModCertType_KeyGen_ModCertData_flags

A bitmap type, represented as a 4-byte little-endian unsigned integer. Individual bit values are:

| Value | Name |
|-------|------|
| 0x00000001 | Public |
| 0x00000002 | hkaex_present |

M_ModCertType_StateCert_ModCertData

This represents a structure with the following fields:

| Field | Size | Format |
|-------|------|--------|
| flags | 4 bytes | Little-endian unsigned integer. See M_ModCertType_StateCert_ModCertData_flags |
| state | variable | See M_ModuleAttribList |

M_ModCertType_StateCert_ModCertData_flags

A bitmap type, represented as a 4-byte little-endian unsigned integer. No flags are currently defined for this field.

M_ModKeyInfoEx

This represents a structure with the following fields:

| Field | Size | Format |
|-------|------|--------|
| v | 4 bytes | Little-endian unsigned integer. See M_Word |
| hk | variable | See M_KeyHashEx |
| type | 4 bytes | Little-endian unsigned integer. See M_KeyType |
| mech_i | 4 bytes | Little-endian unsigned integer. See M_Mech |
| mech_c | 4 bytes | Little-endian unsigned integer. See M_Mech |

M_vec_ModKeyInfoEx

This represents an array of M_ModKeyInfoEx objects.

M_ModuleAttrib

This represents a structure with the following fields:

| Field | Size | Format |
|-------|------|--------|
| tag | 4 bytes | Little-endian unsigned integer. See M_ModuleAttribTag |
| value | variable | Depends on field tag. See below. |

M_ModuleAttrib.value representations

This depends on the value of the tag field, as follows:

| Name of tag | Value of tag | Format of value |
|-------------|--------------|-----------------|
| ModuleAttribTag_ESN | 2 | M_ModuleAttribTag_ESN_Value |
| ModuleAttribTag_KML | 3 | M_ModuleAttribTag_KML_Value |
| ModuleAttribTag_KNSO | 5 | M_ModuleAttribTag_KNSO_Value |
| ModuleAttribTag_KMList | 6 | M_ModuleAttribTag_KMList_Value |
| ModuleAttribTag_KLF2 | 13 | M_ModuleAttribTag_KLF2_Value |
| ModuleAttribTag_KMLEx | 19 | M_ModuleAttribTag_KMLEx_Value |
| ModuleAttribTag_KNSOEx | 20 | M_ModuleAttribTag_KNSOEx_Value |
| ModuleAttribTag_ModKeyInfoEx | 21 | M_ModuleAttribTag_ModKeyInfoEx_Value |
| ModuleAttribTag_KLF2Ex | 22 | M_ModuleAttribTag_KMLEx_Value |

Any supported values of tag not present in the table correspond to an empty (zero-length) value field.

M_vec_ModuleAttrib

This represents an array of M_ModuleAttrib objects.

M_ModuleAttribList

This represents a structure with the following fields:

| Field | Size | Format |
|-------|------|--------|
| n_attribs | 4 bytes | Little-endian unsigned integer. |
| attribs | variable | n_attribs copies of M_ModuleAttrib. See M_vec_ModuleAttrib |

M_ModuleAttribTag

An enumeration type, represented as a 4-byte little-endian unsigned integer. Possible values include:

| Value | Name |
|-------|------|
| 2 | ModuleAttribTag_ESN |
| 3 | ModuleAttribTag_KML |
| 5 | ModuleAttribTag_KNSO |
| 6 | ModuleAttribTag_KMList |
| 13 | ModuleAttribTag_KLF2 |
| 19 | ModuleAttribTag_KMLEx |
| 20 | ModuleAttribTag_KNSOEx |
| 21 | ModuleAttribTag_ModKeyInfoEx |
| 22 | ModuleAttribTag_KLF2Ex |

M_ModuleAttribTag_ESN_Value

This represents a structure with the following fields:

| Field | Size | Format |
|-------|------|--------|
| esn | variable | See M_ASCIIString |

M_ModuleAttribTag_KLF2_Value

This represents a structure with the following fields:

| Field | Size | Format |
|-------|------|--------|
| hklf2 | variable | See M_Hash |
| klf2pub | variable | See M_KeyData |
| mech_i | 4 bytes | Little-endian unsigned integer. See M_Mech |

M_ModuleAttribTag_KMLEx_Value

This represents a structure with the following fields:

| Field | Size | Format |
|-------|------|--------|
| hk | variable | See M_KeyHashEx |
| pubkey | variable | See M_KeyData |
| mech_i | 4 bytes | Little-endian unsigned integer. See M_Mech |

M_ModuleAttribTag_KML_Value

This represents a structure with the following fields:

| Field | Size | Format |
|-------|------|--------|
| hkml | variable | See M_Hash |
| kmlpub | variable | See M_KeyData |
| mech_i | 4 bytes | Little-endian unsigned integer. See M_Mech |

M_ModuleAttribTag_KMList_Value

This represents a structure with the following fields:

| Field | Size | Format |
|-------|------|--------|
| n_hkms | 4 bytes | Little-endian unsigned integer. |
| hkms | variable | n_hkms copies of M_KeyHashAttrib. See M_vec_KeyHashAttrib |

M_ModuleAttribTag_KNSOEx_Value

This represents a structure with the following fields:

| Field | Size | Format |
|-------|------|--------|
| hknso | variable | See M_KeyHashEx |
| publicperms | variable | See M_NSOPerms |

M_ModuleAttribTag_KNSO_Value

This represents a structure with the following fields:

| Field | Size | Format |
|-------|------|--------|
| hknso | variable | See M_Hash |
| publicperms | variable | See M_NSOPerms |

M_ModuleAttribTag_ModKeyInfoEx_Value

This represents a structure with the following fields:

| Field | Size | Format |
|-------|------|--------|
| n_kms | 4 bytes | Little-endian unsigned integer. |
| kms | variable | n_kms copies of M_ModKeyInfoEx. See M_vec_ModKeyInfoEx |

M_NSOPerms

This represents a structure with the following fields:

| Field | Size | Format |
|-------|------|--------|
| ops | 4 bytes | Little-endian unsigned integer. See M_NSOPerms_ops |

M_NSOPerms_ops

A bitmap type, represented as a 4-byte little-endian unsigned integer. Individual bit values are:

| Value | Name |
|-------|------|
| 0x00000001 | LoadLogicalToken |
| 0x00000002 | ReadFile |
| 0x00000004 | WriteShare |
| 0x00000008 | WriteFile |
| 0x00000010 | EraseShare |
| 0x00000020 | EraseFile |
| 0x00000040 | FormatToken |
| 0x00000080 | SetKM |
| 0x00000100 | RemoveKM |
| 0x00000200 | GenerateLogToken |
| 0x00000400 | ChangeSharePIN |
| 0x00000800 | OriginateKey |
| 0x00001000 | NVMemAlloc |
| 0x00002000 | NVMemFree |
| 0x00004000 | GetRTC |
| 0x00008000 | SetRTC |
| 0x00010000 | DebugSEEWorld |
| 0x00020000 | SendShare |
| 0x00040000 | ForeignTokenOpen |