1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*******************************************************************************
3  * Copyright 2018-2019, Fraunhofer SIT sponsored by Infineon Technologies AG
4  * All rights reserved.
5  ******************************************************************************/
6 
7 #ifndef IFAPI_KEYSTORE_H
8 #define IFAPI_KEYSTORE_H
9 
10 #include <stdlib.h>
11 
12 #include "tss2_common.h"
13 #include "tss2_tpm2_types.h"
14 #include "fapi_types.h"
15 #include "ifapi_policy_types.h"
16 #include "tss2_esys.h"
17 
/** Tag type selecting which member of IFAPI_OBJECT_UNION is valid for an
 *  IFAPI_OBJECT (stored in IFAPI_OBJECT.objectType). Code reading the union
 *  must check this tag first; the other members hold no valid data. */
typedef UINT32 IFAPI_OBJECT_TYPE_CONSTANT;
#define IFAPI_OBJ_NONE                 0    /**< No object type set (empty / not yet loaded object) */
#define IFAPI_KEY_OBJ                  1    /**< Tag for key resource (IFAPI_KEY) */
#define IFAPI_NV_OBJ                   2    /**< Tag for NV Ram resource (IFAPI_NV) */
#define IFAPI_EXT_PUB_KEY_OBJ          3    /**< Tag for external public key resource (IFAPI_EXT_PUB_KEY) */
#define IFAPI_HIERARCHY_OBJ            4    /**< Tag for other resources, e.g. PCR register, hierarchies (IFAPI_HIERARCHY) */
#define IFAPI_DUPLICATE_OBJ            5    /**< Tag for key duplication object (IFAPI_DUPLICATE) */
25 
/** Type for representing a FAPI key
 *
 *  Selected in IFAPI_OBJECT_UNION when IFAPI_OBJECT.objectType is
 *  IFAPI_KEY_OBJ. The pointer and UINT8_ARY members are presumably
 *  heap-owned by this struct and released by ifapi_cleanup_ifapi_key();
 *  deep-copy with ifapi_copy_ifapi_key() rather than struct assignment.
 */
typedef struct {
    UINT32                            persistent_handle;    /**< Persistent TPM Handle */
    TPM2B_PUBLIC                                 public;    /**< The wrapped public portion of the object */
    UINT8_ARY                             serialization;    /**< Serialized object state; presumably the ESYS
                                                                 serialization of the TPM object - confirm */
    UINT8_ARY                                   private;    /**< Private portion of the key; presumably the
                                                                 TPM-wrapped (encrypted) blob, not plaintext
                                                                 key material - confirm against keystore code */
    char                                *policyInstance;    /**<  Keys policy */
    TPM2B_CREATION_DATA                    creationData;    /**< TPM creation data returned at key creation */
    TPMT_TK_CREATION                     creationTicket;    /**< TPM creation ticket returned at key creation */
    char                                   *description;    /**< Human readable description of key */
    UINT8_ARY                                   appData;    /**< Application data */
    char                                   *certificate;    /**< Keys certificate (if any) */
    TPMT_SIG_SCHEME                      signing_scheme;    /**< Signing scheme for the key */
    TPM2B_NAME                                     name;    /**< Name of the key */
    TPMI_YES_NO                               with_auth;    /**< Authorization provided during creation */
    UINT32                                  reset_count;    /**< The TPM reset count during key creation */
} IFAPI_KEY;
44 
/** Type for representing an external public key
 *
 *  Selected in IFAPI_OBJECT_UNION when IFAPI_OBJECT.objectType is
 *  IFAPI_EXT_PUB_KEY_OBJ. Holds only public data; the string members are
 *  presumably heap-owned and released by ifapi_cleanup_ifapi_ext_pub_key().
 */
typedef struct {
    char                                *pem_ext_public;    /**< Public key in PEM format */
    char                                   *certificate;    /**< Keys certificate (if any) */
    TPM2B_PUBLIC                                 public;    /**< The public information in TPM format */
} IFAPI_EXT_PUB_KEY;
52 
/** Type for representing a hierarchy
 *
 *  Selected in IFAPI_OBJECT_UNION when IFAPI_OBJECT.objectType is
 *  IFAPI_HIERARCHY_OBJ. Released by ifapi_cleanup_ifapi_hierarchy(), copied
 *  by ifapi_copy_ifapi_hierarchy().
 */
typedef struct {
    TPMI_YES_NO                               with_auth;    /**< Authorization provided */
    char                                   *description;    /**< Human readable description of hierarchy */
    TPM2B_DIGEST                             authPolicy;    /**< Authorization policy digest of the hierarchy */
    ESYS_TR                                  esysHandle;    /**< ESYS handle referring to the hierarchy */
    bool                                      authorized;   /**< Switch whether hierarchy is authorized. */
} IFAPI_HIERARCHY;
62 
/** Type for representing a FAPI NV object
 *
 *  Selected in IFAPI_OBJECT_UNION when IFAPI_OBJECT.objectType is
 *  IFAPI_NV_OBJ. The pointer and UINT8_ARY members are presumably
 *  heap-owned and released by ifapi_cleanup_ifapi_nv().
 */
typedef struct {
    TPM2B_NV_PUBLIC                              public;    /**< The wrapped public portion of the object */
    UINT8_ARY                             serialization;    /**< Serialized object state; presumably the ESYS
                                                                 serialization of the NV index - confirm */
    UINT32                                    hierarchy;    /**< The hierarchy used for NV object creation */
    char                                *policyInstance;    /**< Policy instance of the NV object */
    char                                   *description;    /**< Human readable description of the NV object */
    UINT8_ARY                                   appData;    /**< Application data */
    TPMI_YES_NO                               with_auth;    /**< Authorization provided during creation */
    char*                                     event_log;    /**< The event log if NV type is pcr */
} IFAPI_NV;
75 
/** Type for representing a FAPI object for key duplication.
 *
 *  Selected in IFAPI_OBJECT_UNION when IFAPI_OBJECT.objectType is
 *  IFAPI_DUPLICATE_OBJ. Released by ifapi_cleanup_ifapi_duplicate().
 */
typedef struct {

    TPM2B_PRIVATE                             duplicate; /**< The duplicate of the key to export (TPM-wrapped) */
    TPM2B_ENCRYPTED_SECRET               encrypted_seed; /**< Encrypted seed needed for key import */
    TPM2B_PUBLIC                                 public; /**< The public information of the key to be duplicated */
    TPM2B_PUBLIC                          public_parent; /**< The public information of the new parent key */
    char                                   *certificate; /**< The certificate of the key to be duplicated */
    TPMS_POLICY                                 *policy; /**< The policy of the key to be duplicated */
} IFAPI_DUPLICATE;
87 
/** Type for representing public info of a TPM-Resource
 *
 *  Only the member named by IFAPI_OBJECT.objectType holds valid data; the
 *  members overlap in memory, so reading any other one is an error.
 */
typedef union {
    IFAPI_EXT_PUB_KEY                       ext_pub_key;    /**< Public info for external key (IFAPI_EXT_PUB_KEY_OBJ) */
    IFAPI_KEY                                       key;    /**< Public info for key objects (IFAPI_KEY_OBJ) */
    IFAPI_NV                                         nv;    /**< Public info for NV ram objects (IFAPI_NV_OBJ) */
    IFAPI_DUPLICATE                            key_tree;    /**< Information for key duplication (IFAPI_DUPLICATE_OBJ) */
    IFAPI_HIERARCHY                           hierarchy;    /**< Information related to hierarchies (IFAPI_HIERARCHY_OBJ) */
} IFAPI_OBJECT_UNION;
97 
/** The states for key searching (state machine driven by
 *  ifapi_keystore_search_obj() / ifapi_keystore_search_nv_obj()). */
enum FAPI_SEARCH_STATE {
    KSEARCH_INIT = 0,          /**< Initial state; no search in progress */
    KSEARCH_SEARCH_OBJECT,     /**< Iterating over the candidate object paths */
    KSEARCH_READ               /**< Reading the current candidate object */
};
104 
/** The data structure holding internal state for key searching.
 *
 *  Released by ifapi_cleanup_ifapi_key_search(); pathlist is presumably
 *  heap-allocated and owned by this struct - confirm.
 */
typedef struct {
    size_t path_idx;                /**< Index of array of objects to be searched */
    size_t numPaths;                /**< Number of all objects in data store */
    char **pathlist;                /**< The array of all objects  in the search path */
    enum FAPI_SEARCH_STATE state;   /**< Current state of the search state machine */
} IFAPI_KEY_SEARCH;
113 
/** Keystore context: the on-disk locations of the FAPI object store.
 *
 *  Filled by ifapi_keystore_initialize() from the configuration and
 *  released by ifapi_cleanup_ifapi_keystore().
 */
typedef struct IFAPI_KEYSTORE {
    char *systemdir;                /**< System-wide keystore directory (config_systemdir) */
    char *userdir;                  /**< Per-user keystore directory (config_userdir) */
    char *defaultprofile;           /**< Name of the default profile (config_defaultprofile) */
    IFAPI_KEY_SEARCH key_search;    /**< State of an in-progress object search */
    const char* rel_path;           /**< Relative path currently being processed;
                                         not owned by this struct (const) - confirm */
} IFAPI_KEYSTORE;
121 
122 
/** The states for the FAPI's object authorization state machine
 *  (see IFAPI_OBJECT.authorization_state). */
enum IFAPI_AUTHORIZATION_STATE {
    AUTH_INIT = 0,             /**< Authorization not started */
    AUTH_CHECK_POLICY,         /**< Determine whether a policy has to be executed */
    AUTH_CREATE_SESSION,       /**< Create the (policy) session */
    AUTH_EXEC_POLICY,          /**< Execute the object's policy in the session */
    AUTH_FLUSH_OLD_POLICY,     /**< Flush a previously used policy session */
    AUTH_DONE                  /**< Authorization finished */
};
132 
/** The states for the FAPI's object write/read state
 *  (asynchronous load/store, see IFAPI_OBJECT.state). */
enum IFAPI_IO_STATE {
    IO_INIT = 0,               /**< No I/O started for the object */
    IO_ACTIVE,                 /**< An asynchronous read/write is in progress */
};
138 
/** Type for representing TPM-Resource
 *
 *  Tagged union: objectType selects the valid member of misc. Released by
 *  ifapi_cleanup_ifapi_object(); deep-copied by ifapi_copy_ifapi_key_object()
 *  / ifapi_copy_ifapi_hierarchy_object().
 *
 *  NOTE(review): the struct tag _IFAPI_OBJECT is a reserved identifier
 *  (leading underscore followed by an uppercase letter, C11 7.1.3); only the
 *  typedef name IFAPI_OBJECT should be used by callers.
 */
typedef struct _IFAPI_OBJECT {
    TPMS_POLICY                                 *policy;    /**< Policy attached to the object (may be NULL);
                                                                 presumably owned by the object - confirm */
    IFAPI_OBJECT_TYPE_CONSTANT               objectType;    /**< Selector for object type */
    IFAPI_OBJECT_UNION                             misc;    /**< Resource specific information */
    TPMI_YES_NO                                  system;    /**< Store the object in the system wide
                                                                 directory */
    ESYS_TR                                      handle;    /**< Handle used by ESAPI */
    enum IFAPI_AUTHORIZATION_STATE  authorization_state;    /**< State of object authorization state machine */
    enum IFAPI_IO_STATE                           state;    /**< State of the object's asynchronous read/write */
    const char                                *rel_path;    /**< The relative path in keystore. */

} IFAPI_OBJECT;
153 
/** Check whether a keystore path is syntactically valid.
 *
 *  Paths may originate from the application, so callers should run this
 *  before using a path to address objects in the keystore.
 *
 *  @param[in] path The keystore path to validate.
 *  @retval TSS2_RC_SUCCESS if the path is acceptable, an error code otherwise.
 */
TSS2_RC
ifapi_check_valid_path(const char *path);

/** Initialize a keystore context from the configured directories.
 *
 *  @param[out] keystore The keystore context to initialize.
 *  @param[in] config_systemdir System-wide keystore directory.
 *  @param[in] config_userdir Per-user keystore directory.
 *  @param[in] config_defaultprofile Name of the default profile.
 *  @retval TSS2_RC_SUCCESS on success, an error code otherwise.
 */
TSS2_RC
ifapi_keystore_initialize(
    IFAPI_KEYSTORE *keystore,
    const char *config_systemdir,
    const char *config_userdir,
    const char *config_defaultprofile);
163 
/** Start the asynchronous load of an object from the keystore.
 *
 *  @param[in,out] keystore The keystore context.
 *  @param[in,out] io The I/O context used for the asynchronous read.
 *  @param[in] path Keystore path of the object to load.
 *  @retval TSS2_RC_SUCCESS on success, an error code otherwise.
 */
TSS2_RC
ifapi_keystore_load_async(
    IFAPI_KEYSTORE *keystore,
    IFAPI_IO *io,
    const char *path);

/** Finish an asynchronous load started by ifapi_keystore_load_async().
 *
 *  @param[in,out] keystore The keystore context.
 *  @param[in,out] io The I/O context passed to ifapi_keystore_load_async().
 *  @param[out] object Receives the loaded object; presumably must be released
 *              with ifapi_cleanup_ifapi_object() - confirm.
 *  @retval TSS2_RC_SUCCESS when the object is available; presumably a
 *          "try again" code while the read is still pending - confirm.
 */
TSS2_RC
ifapi_keystore_load_finish(
    IFAPI_KEYSTORE *keystore,
    IFAPI_IO *io,
    IFAPI_OBJECT *object);

/** Check that no object is stored under the given path.
 *
 *  @param[in,out] keystore The keystore context.
 *  @param[in] path Keystore path to check.
 *  @param[in] object The object that would be stored there.
 *  @retval TSS2_RC_SUCCESS if the path is free, an error code otherwise.
 */
TSS2_RC
ifapi_keystore_object_does_not_exist(
    IFAPI_KEYSTORE *keystore,
    const char *path,
    const IFAPI_OBJECT *object);

/** Start the asynchronous store of an object into the keystore.
 *
 *  @param[in,out] keystore The keystore context.
 *  @param[in,out] io The I/O context used for the asynchronous write.
 *  @param[in] path Keystore path under which the object is stored.
 *  @param[in] object The object to serialize and write.
 *  @retval TSS2_RC_SUCCESS on success, an error code otherwise.
 */
TSS2_RC
ifapi_keystore_store_async(
    IFAPI_KEYSTORE *keystore,
    IFAPI_IO *io,
    const char *path,
    const IFAPI_OBJECT *object);

/** Finish an asynchronous store started by ifapi_keystore_store_async().
 *
 *  @param[in,out] io The I/O context passed to ifapi_keystore_store_async().
 *  @retval TSS2_RC_SUCCESS when the write has completed, an error code otherwise.
 */
TSS2_RC
ifapi_keystore_store_finish(
    IFAPI_IO *io);
192 
/** List all object paths below a search path.
 *
 *  @param[in,out] keystore The keystore context.
 *  @param[in] searchpath Keystore path whose objects are enumerated.
 *  @param[out] results Receives an array of path strings; presumably
 *              heap-allocated and to be freed by the caller - confirm.
 *  @param[out] numresults Number of entries in results.
 *  @retval TSS2_RC_SUCCESS on success, an error code otherwise.
 */
TSS2_RC
ifapi_keystore_list_all(
    IFAPI_KEYSTORE *keystore,
    const char *searchpath,
    char ***results,
    size_t *numresults);

/** Delete an object from the keystore.
 *
 *  NOTE(review): path is taken as a non-const char *, unlike the other
 *  path parameters in this header; the implementation may modify it, so
 *  callers should not pass string literals or shared buffers.
 *
 *  @param[in,out] keystore The keystore context.
 *  @param[in,out] path Keystore path of the object to delete.
 *  @retval TSS2_RC_SUCCESS on success, an error code otherwise.
 */
TSS2_RC
ifapi_keystore_delete(
     IFAPI_KEYSTORE *keystore,
     char *path);

/** Remove keystore directories below dir_name.
 *
 *  @param[in,out] keystore The keystore context.
 *  @param[in] dir_name Directory (keystore-relative) to remove.
 *  @retval TSS2_RC_SUCCESS on success, an error code otherwise.
 */
TSS2_RC
ifapi_keystore_remove_directories(
    IFAPI_KEYSTORE *keystore,
    const char *dir_name);
209 
/** Search the keystore for a key object with the given TPM name.
 *
 *  Drives the FAPI_SEARCH_STATE machine in keystore->key_search; presumably
 *  asynchronous and to be called repeatedly until it completes - confirm.
 *
 *  @param[in,out] keystore The keystore context.
 *  @param[in,out] io The I/O context used for reading candidate objects.
 *  @param[in] name TPM name of the key to look for.
 *  @param[out] found_path Receives the keystore path of the match; presumably
 *              heap-allocated and to be freed by the caller - confirm.
 *  @retval TSS2_RC_SUCCESS when found, an error code otherwise.
 */
TSS2_RC
ifapi_keystore_search_obj(
    IFAPI_KEYSTORE *keystore,
    IFAPI_IO *io,
    TPM2B_NAME *name,
    char **found_path);

/** Search the keystore for an NV object with the given public area.
 *
 *  @param[in,out] keystore The keystore context.
 *  @param[in,out] io The I/O context used for reading candidate objects.
 *  @param[in] nv_public Public area of the NV index to look for.
 *  @param[out] found_path Receives the keystore path of the match; presumably
 *              heap-allocated and to be freed by the caller - confirm.
 *  @retval TSS2_RC_SUCCESS when found, an error code otherwise.
 */
TSS2_RC
ifapi_keystore_search_nv_obj(
    IFAPI_KEYSTORE *keystore,
    IFAPI_IO *io,
    TPM2B_NV_PUBLIC *nv_public,
    char **found_path);
223 
/** Check whether an existing object at path may be overwritten.
 *
 *  @param[in,out] keystore The keystore context.
 *  @param[in] path Keystore path to check.
 *  @retval TSS2_RC_SUCCESS if overwriting is permitted, an error code otherwise.
 */
TSS2_RC
ifapi_keystore_check_overwrite(
    IFAPI_KEYSTORE *keystore,
    const char *path);

/** Check whether the location denoted by path can be written to
 *  (e.g. the system directory is normally not writable for a user).
 *
 *  @param[in,out] keystore The keystore context.
 *  @param[in] path Keystore path to check.
 *  @retval TSS2_RC_SUCCESS if writable, an error code otherwise.
 */
TSS2_RC
ifapi_keystore_check_writeable(
    IFAPI_KEYSTORE *keystore,
    const char *path);
233 
/** Deep-copy an IFAPI_KEY.
 *
 *  Use instead of struct assignment: the source owns heap members that must
 *  be duplicated, not aliased. Release dest with ifapi_cleanup_ifapi_key().
 *
 *  @param[out] dest Destination key.
 *  @param[in] src Source key.
 *  @retval TSS2_RC_SUCCESS on success, an error code otherwise.
 */
TSS2_RC
ifapi_copy_ifapi_key(
    IFAPI_KEY * dest,
    const IFAPI_KEY * src);

/** Deep-copy an IFAPI_HIERARCHY.
 *
 *  Release dest with ifapi_cleanup_ifapi_hierarchy().
 *
 *  @param[out] dest Destination hierarchy.
 *  @param[in] src Source hierarchy.
 *  @retval TSS2_RC_SUCCESS on success, an error code otherwise.
 */
TSS2_RC
ifapi_copy_ifapi_hierarchy(
    IFAPI_HIERARCHY * dest,
    const IFAPI_HIERARCHY * src);

/** Deep-copy an IFAPI_OBJECT holding a key (objectType IFAPI_KEY_OBJ).
 *
 *  Release dest with ifapi_cleanup_ifapi_object().
 *
 *  @param[out] dest Destination object.
 *  @param[in] src Source object.
 *  @retval TSS2_RC_SUCCESS on success, an error code otherwise.
 */
TSS2_RC
ifapi_copy_ifapi_key_object(
    IFAPI_OBJECT * dest,
    const IFAPI_OBJECT * src);

/** Deep-copy an IFAPI_OBJECT holding a hierarchy (objectType IFAPI_HIERARCHY_OBJ).
 *
 *  Release dest with ifapi_cleanup_ifapi_object().
 *
 *  @param[out] dest Destination object.
 *  @param[in] src Source object.
 *  @retval TSS2_RC_SUCCESS on success, an error code otherwise.
 */
TSS2_RC
ifapi_copy_ifapi_hierarchy_object(
    IFAPI_OBJECT * dest,
    const IFAPI_OBJECT * src);
253 
254 
/** Release the members owned by an IFAPI_KEY (not the struct itself).
 *  @param[in,out] key The key whose members are freed.
 */
void ifapi_cleanup_ifapi_key(
    IFAPI_KEY * key);

/** Release the members owned by an IFAPI_EXT_PUB_KEY (not the struct itself).
 *  @param[in,out] key The external public key whose members are freed.
 */
void ifapi_cleanup_ifapi_ext_pub_key(
    IFAPI_EXT_PUB_KEY * key);

/** Release the members owned by an IFAPI_HIERARCHY (not the struct itself).
 *  @param[in,out] hierarchy The hierarchy whose members are freed.
 */
void ifapi_cleanup_ifapi_hierarchy(
    IFAPI_HIERARCHY * hierarchy);

/** Release the members owned by an IFAPI_NV (not the struct itself).
 *  @param[in,out] nv The NV object whose members are freed.
 */
void ifapi_cleanup_ifapi_nv(
    IFAPI_NV * nv);

/** Release the members owned by an IFAPI_DUPLICATE (not the struct itself).
 *  @param[in,out] duplicate The duplication object whose members are freed.
 */
void ifapi_cleanup_ifapi_duplicate(
    IFAPI_DUPLICATE * duplicate);

/** Release the members owned by an IFAPI_KEY_SEARCH (not the struct itself).
 *  @param[in,out] key_search The search state whose members are freed.
 */
void ifapi_cleanup_ifapi_key_search(
    IFAPI_KEY_SEARCH * key_search);

/** Release the members owned by an IFAPI_KEYSTORE (not the struct itself).
 *  @param[in,out] keystore The keystore context whose members are freed.
 */
void ifapi_cleanup_ifapi_keystore(
    IFAPI_KEYSTORE * keystore);

/** Release the members owned by an IFAPI_OBJECT (not the struct itself).
 *
 *  Presumably dispatches on objectType to the matching type-specific
 *  cleanup above - confirm.
 *
 *  @param[in,out] object The object whose members are freed.
 */
void
ifapi_cleanup_ifapi_object(
    IFAPI_OBJECT *object);
279 
/** Check whether the keystore has been provisioned for the given path.
 *
 *  @param[in,out] keystore The keystore context.
 *  @param[in] rel_path Relative keystore path to check.
 *  @param[out] ok Set to true if provisioned, false otherwise; only
 *              meaningful when TSS2_RC_SUCCESS is returned.
 *  @retval TSS2_RC_SUCCESS if the check could be performed, an error code otherwise.
 */
TSS2_RC
ifapi_check_provisioned(
    IFAPI_KEYSTORE *keystore,
    const char *rel_path,
    bool *ok);
285 
286 #endif /* IFAPI_KEYSTORE_H */
287