/* SPDX-License-Identifier: BSD-2-Clause */
/*******************************************************************************
 * Copyright 2018-2019, Fraunhofer SIT sponsored by Infineon Technologies AG
 * All rights reserved.
 ******************************************************************************/
#ifndef IFAPI_POLICY_TYPES_H
#define IFAPI_POLICY_TYPES_H

#include "tss2_tpm2_types.h"
#include "fapi_types.h"

/*
 * In-memory representation of FAPI policies.
 *
 * A policy (TPMS_POLICY) is a list of policy elements (TPMT_POLICYELEMENT),
 * each tagged with a TPMI_POLICYTYPE that selects the active member of the
 * TPMU_POLICYELEMENT union. Several field notes below say a value is filled
 * in "by FAPI at runtime"; those notes are carried over from the original
 * author and describe the policy-calculation code, not anything enforced by
 * these type definitions.
 *
 * NOTE(review): member order and types define the in-memory layout other
 * FAPI code relies on; do not reorder or retype members in this header.
 */

/** Tag selecting which TPMU_POLICYELEMENT member a policy element carries
 *  (see TPMT_POLICYELEMENT::type). */
typedef UINT32 TPMI_POLICYTYPE;
#define POLICYELEMENTS          0   /**< Has no TPMU_POLICYELEMENT member of its own */
#define POLICYOR                1   /**< TPMS_POLICYOR */
#define POLICYSIGNED            2   /**< TPMS_POLICYSIGNED */
#define POLICYSECRET            3   /**< TPMS_POLICYSECRET */
#define POLICYPCR               4   /**< TPMS_POLICYPCR */
#define POLICYLOCALITY          5   /**< TPMS_POLICYLOCALITY */
#define POLICYNV                6   /**< TPMS_POLICYNV */
#define POLICYCOUNTERTIMER      7   /**< TPMS_POLICYCOUNTERTIMER */
#define POLICYCOMMANDCODE       8   /**< TPMS_POLICYCOMMANDCODE */
#define POLICYPHYSICALPRESENCE  9   /**< TPMS_POLICYPHYSICALPRESENCE */
#define POLICYCPHASH            10  /**< TPMS_POLICYCPHASH */
#define POLICYNAMEHASH          11  /**< TPMS_POLICYNAMEHASH */
#define POLICYDUPLICATIONSELECT 12  /**< TPMS_POLICYDUPLICATIONSELECT */
#define POLICYAUTHORIZE         13  /**< TPMS_POLICYAUTHORIZE */
#define POLICYAUTHVALUE         14  /**< TPMS_POLICYAUTHVALUE */
#define POLICYPASSWORD          15  /**< TPMS_POLICYPASSWORD */
#define POLICYNVWRITTEN         16  /**< TPMS_POLICYNVWRITTEN */
#define POLICYTEMPLATE          17  /**< TPMS_POLICYTEMPLATE */
#define POLICYAUTHORIZENV       18  /**< TPMS_POLICYAUTHORIZENV */
#define POLICYACTION            19  /**< TPMS_POLICYACTION */

/** Policy type TPMS_POLICYSIGNED
 *
 *  Authorization by a signature from an external key. The key can be given
 *  in three forms (keyPath, keyPublic or keyPEM); the notes below say which
 *  members FAPI derives from them at runtime.
 */
typedef struct {
    TPM2B_NONCE nonceTPM;           /**< Nonce returned by TPM2_StartAuthSession
                                         (the original note is truncated here). */
    TPM2B_DIGEST cpHashA;           /**< Generated automatically by the FAPI. */
    TPM2B_NONCE policyRef;          /**< Default is zero-length. */
    INT32 expiration;               /**< Set by the FAPI; original note says -1. */
    TPMT_SIGNATURE auth;            /**< Generated at runtime via a callback. */
    TPM2B_NAME publicKey;           /**< Generated automatically from keyPath /
                                         keyPublic (original note truncated;
                                         presumably keyPEM as well). */
    char *publicKeyHint;            /**< Human-readable hint telling the user
                                         which public key to use. */
    char *keyPath;                  /**< Reference to a key inside the FAPI keystore. */
    TPMT_PUBLIC keyPublic;          /**< Public area of the signing key. */
    char *keyPEM;                   /**< PEM-encoded public key; the TPM2B_NAME is
                                         constructed from a TPMT_PUBLIC built from it. */
    TPMI_ALG_HASH keyPEMhashAlg;    /**< (optional) Default = SHA256. */
    TPMT_RSA_SCHEME rsaScheme;      /**< (optional) Default = TPM2_ALG_RSAPSS. */
    TPMT_SIGNATURE signature_tpm;   /**< Signature in TPM format (undocumented
                                         in the original; presumably the
                                         converted form of `auth` — verify). */
} TPMS_POLICYSIGNED;

/** Policy type TPMS_POLICYSECRET
 *
 *  Authorization by proving knowledge of another object's auth value.
 */
typedef struct {
    TPM2B_NONCE nonceTPM;           /**< Session nonce. */
    TPM2B_DIGEST cpHashA;           /**< Command parameter hash. */
    TPM2B_NONCE policyRef;          /**< Default is zero length. */
    INT32 expiration;               /**< Expiration of the authorization. */
    char *objectPath;               /**< Path of the object whose auth is required. */
    TPM2B_NAME objectName;          /**< Public name of that object. */
} TPMS_POLICYSECRET;

/** Policy type TPMS_POLICYLOCALITY
 */
typedef struct {
    TPMA_LOCALITY locality;         /**< Required locality bitmap. */
} TPMS_POLICYLOCALITY;

/** Policy type TPMS_POLICYNV
 *
 *  Compares data in an NV index against operandB.
 */
typedef struct {
    char *nvPath;                   /**< FAPI path of the NV index. */
    TPMI_RH_NV_INDEX nvIndex;       /**< TPM handle of the NV index. */
    TPM2B_NV_PUBLIC nvPublic;       /**< Public area of the NV index. */
    TPMI_RH_NV_AUTH authHandle;     /**< Determined by FAPI at runtime. */
    TPM2B_OPERAND operandB;         /**< Value the NV contents are compared with. */
    UINT16 offset;                  /**< Default value is 0. */
    TPM2_EO operation;              /**< Default value is EQUAL. */
} TPMS_POLICYNV;

/** Policy type TPMS_POLICYCOUNTERTIMER
 *
 *  Compares the TPM's TPMS_TIME_INFO against operandB.
 */
typedef struct {
    TPM2B_OPERAND operandB;         /**< Comparison operand. */
    UINT16 offset;                  /**< Default is 0. */
    TPM2_EO operation;              /**< Comparison operator. */
} TPMS_POLICYCOUNTERTIMER;

/** Policy type TPMS_POLICYCOMMANDCODE
 */
typedef struct {
    TPM2_CC code;                   /**< Command code the policy is restricted to. */
} TPMS_POLICYCOMMANDCODE;

/** Policy type TPMS_POLICYPHYSICALPRESENCE
 *
 *  Carries no data.
 *  NOTE(review): an empty struct is a GCC/Clang extension (sizeof == 0),
 *  not ISO C; kept as-is because changing it would change layout.
 */
typedef struct {
} TPMS_POLICYPHYSICALPRESENCE;

/** Policy type TPMS_POLICYCPHASH
 */
typedef struct {
    TPM2B_DIGEST cpHash;            /**< Required command parameter hash. */
} TPMS_POLICYCPHASH;

/** Policy type TPMS_POLICYNAMEHASH
 *
 *  NOTE(review): the arrays are fixed at 3 entries but `count` is a UINT32;
 *  nothing in this type bounds count to 3. Whatever fills these members
 *  (deserialization or instantiation) must enforce count <= 3 before indexing.
 */
typedef struct {
    UINT32 count;                   /**< Number of valid entries; computed during instantiation. */
    UINT32 i;                       /**< Temporary index used during policy calculation. */
    TPM2B_NAME objectNames[3];      /**< Computed during instantiation (if not initialized). */
    char *namePaths[3];             /**< Paths of the objects used to retrieve the names. */
    TPM2B_DIGEST nameHash;          /**< Computed during policy calculation. */
} TPMS_POLICYNAMEHASH;

/** Policy type TPMS_POLICYDUPLICATIONSELECT
 */
typedef struct {
    TPM2B_NAME objectName;          /**< Not used (see includeObject). */
    TPM2B_NAME newParentName;       /**< Calculated automatically. */
    TPMI_YES_NO includeObject;      /**< Always NO. */
    char *newParentPath;            /**< FAPI path of the new parent. */
    TPM2B_PUBLIC newParentPublic;   /**< Public area of the new parent. */
} TPMS_POLICYDUPLICATIONSELECT;

/** Policy type TPMS_POLICYAUTHORIZATION
 *
 *  A signed authorization over a policy digest (stored next to a policy,
 *  see TPMS_POLICY::policyAuthorizations).
 */
typedef struct {
    char *type;                     /**< Authorization type string (original note: "tpm"). */
    TPMT_PUBLIC key;                /**< Verification key; also selects the signature
                                         algorithm (original note truncated). */
    TPM2B_NONCE policyRef;          /**< Policy reference covered by the signature. */
    TPMT_SIGNATURE signature;       /**< Signature in TPM format. */
    TPMI_ALG_HASH keyPEMhashAlg;    /**< Hash algorithm used with keyPEM. */
    UINT8_ARY pemSignature;         /**< Signature as a raw byte array (PEM key form). */
    char *keyPEM;                   /**< PEM-encoded verification key. */
    TPMT_RSA_SCHEME rsaScheme;      /**< RSA signing scheme. */
}
TPMS_POLICYAUTHORIZATION;

/** Opaque policy object node; defined elsewhere. */
typedef struct policy_object_node POLICY_OBJECT;

/** Policy type TPMS_POLICYAUTHORIZE
 *
 *  Delegates to a policy approved by a signing key.
 */
typedef struct {
    TPM2B_DIGEST approvedPolicy;    /**< Digest of the approved policy. */
    TPM2B_NONCE policyRef;          /**< Policy reference. */
    TPM2B_NAME keyName;             /**< Not exposed in JSON; generated from keyPath /
                                         keyPublic (original note truncated;
                                         presumably keyPEM as well). */
    TPMT_TK_VERIFIED checkTicket;   /**< Verification ticket from the TPM. */
    char *keyPath;                  /**< Reference to a key inside the FAPI keystore. */
    TPMT_PUBLIC keyPublic;          /**< Public area of the authorizing key. */
    char *keyPEM;                   /**< PEM-encoded key; the TPM2B_NAME is constructed
                                         from a TPMT_PUBLIC built from it. */
    TPMI_ALG_HASH keyPEMhashAlg;    /**< (optional) Default = SHA256. */
    TPMT_RSA_SCHEME rsaScheme;      /**< (optional) Default = TPM2_ALG_RSAPSS. */
    TPMT_SIGNATURE signature;       /**< Signature over the approved policy. */
} TPMS_POLICYAUTHORIZE;

/** Policy type TPMS_POLICYAUTHVALUE
 *
 *  Carries no data (empty struct: GCC/Clang extension, see note above).
 */
typedef struct {
} TPMS_POLICYAUTHVALUE;

/** Policy type TPMS_POLICYPASSWORD
 *
 *  Carries no data (empty struct: GCC/Clang extension, see note above).
 */
typedef struct {
} TPMS_POLICYPASSWORD;

/** Policy type TPMS_POLICYNVWRITTEN
 */
typedef struct {
    TPMI_YES_NO writtenSet;         /**< Default is yes. */
} TPMS_POLICYNVWRITTEN;

/** Policy type TPMS_POLICYTEMPLATE
 */
typedef struct {
    TPM2B_DIGEST templateHash;      /**< Hash of the required template. */
    TPM2B_PUBLIC templatePublic;    /**< Template as a public area. */
    char *templateName;             /**< Name of the template. */
} TPMS_POLICYTEMPLATE;

/** Policy type TPMS_POLICYAUTHORIZENV
 *
 *  NOTE(review): `policy_buffer` has no length member next to it; its size
 *  must be known to the consumer from elsewhere (presumably nvPublic or
 *  nv_policy — confirm in the policy code).
 */
typedef struct {
    char *nvPath;                   /**< FAPI path of the NV index. */
    TPM2B_NV_PUBLIC nvPublic;       /**< Public area of the NV index. */
    TPM2B_DIGEST policy;            /**< Policy digest. */
    TPMT_HA nv_policy;              /**< Policy stored in NV RAM. */
    uint8_t *policy_buffer;         /**< Raw policy bytes; no length stored here. */
} TPMS_POLICYAUTHORIZENV;

/** Policy type TPMS_POLICYACTION
 */
typedef struct {
    char *action;                   /**< The FAPI returns a string representation of
                                         the JSON sub-object (original note truncated). */
} TPMS_POLICYACTION;

/** Policy type TPMS_PCRVALUE
 */
typedef struct {
    UINT32 pcr;                     /**< PCR index. */
    TPM2_ALG_ID hashAlg;            /**< Bank (hash algorithm) of the value. */
    TPMU_HA digest;                 /**< PCR value; the valid member is chosen by hashAlg. */
} TPMS_PCRVALUE;

/** Policy type TPML_PCRVALUES
 *
 *  Flexible-array list: `count` must equal the number of entries allocated
 *  after the struct (sizeof(TPML_PCRVALUES) + count * sizeof(TPMS_PCRVALUE)).
 */
typedef struct TPML_PCRVALUES {
    UINT32 count;                   /**< Number of entries in pcrs[]. */
    TPMS_PCRVALUE pcrs[];           /**< Array of PCR values. */
} TPML_PCRVALUES;

/** Policy type TPMS_POLICYPCR
 */
typedef struct {
    struct TPML_PCRVALUES *pcrs;    /**< PCR values the policy binds to. */
    TPMS_PCR_SELECT currentPCRs;    /**< PCR selection; the hash algorithms are
                                         inferred (original note truncated). */
    TPML_PCR_SELECTION currentPCRandBanks; /**< Complete selection including banks. */
} TPMS_POLICYPCR;

/** Policy type TPML_POLICYAUTHORIZATIONS
 *
 *  Flexible-array list; `count` must match the allocated number of entries.
 */
typedef struct TPML_POLICYAUTHORIZATIONS {
    UINT32 count;                   /**< Number of entries in authorizations[]. */
    TPMS_POLICYAUTHORIZATION authorizations[]; /**< Array of policy authorizations. */
} TPML_POLICYAUTHORIZATIONS;

/** Forward declaration; defined after TPMT_POLICYELEMENT below. */
typedef struct TPML_POLICYELEMENTS TPML_POLICYELEMENTS;

/** Policy type TPMS_POLICYBRANCH
 *
 *  One branch of a TPMS_POLICYOR, carrying its own element list.
 */
typedef struct {
    char *name;                     /**< Branch name. */
    char *description;              /**< Branch description. */
    TPML_DIGEST_VALUES policyDigests; /**< Digests computed for this branch. */
    struct TPML_POLICYELEMENTS *policy; /**< The branch's policy elements. */
} TPMS_POLICYBRANCH;

/** Policy type TPML_POLICYBRANCHES
 *
 *  Flexible-array list; `count` must match the allocated number of entries.
 *  Note the member holding the branches is named `authorizations`.
 */
typedef struct TPML_POLICYBRANCHES {
    UINT32 count;                   /**< Number of entries in authorizations[]. */
    TPMS_POLICYBRANCH authorizations[]; /**< Array of branches. */
} TPML_POLICYBRANCHES;

/** Policy type TPMS_POLICYOR
 */
typedef struct {
    struct TPML_POLICYBRANCHES *branches; /**< Branches of the OR; each holds its own
                                               element list (original note truncated). */
} TPMS_POLICYOR;

/** Union of all policy element payloads.
 *
 *  Exactly one member is valid, selected by the `type` of the enclosing
 *  TPMT_POLICYELEMENT. Code must check `type` before reading a member;
 *  reading a member other than the selected one is type confusion.
 */
typedef union {
    TPMS_POLICYOR PolicyOr;                             /**< POLICYOR */
    TPMS_POLICYSIGNED PolicySigned;                     /**< POLICYSIGNED */
    TPMS_POLICYSECRET PolicySecret;                     /**< POLICYSECRET */
    TPMS_POLICYPCR PolicyPCR;                           /**< POLICYPCR */
    TPMS_POLICYLOCALITY PolicyLocality;                 /**< POLICYLOCALITY */
    TPMS_POLICYNV PolicyNV;                             /**< POLICYNV */
    TPMS_POLICYCOUNTERTIMER PolicyCounterTimer;         /**< POLICYCOUNTERTIMER */
    TPMS_POLICYCOMMANDCODE PolicyCommandCode;           /**< POLICYCOMMANDCODE */
    TPMS_POLICYPHYSICALPRESENCE PolicyPhysicalPresence; /**< POLICYPHYSICALPRESENCE */
    TPMS_POLICYCPHASH PolicyCpHash;                     /**< POLICYCPHASH */
    TPMS_POLICYNAMEHASH PolicyNameHash;                 /**< POLICYNAMEHASH */
    TPMS_POLICYDUPLICATIONSELECT PolicyDuplicationSelect; /**< POLICYDUPLICATIONSELECT */
    TPMS_POLICYAUTHORIZE PolicyAuthorize;               /**< POLICYAUTHORIZE */
    TPMS_POLICYAUTHVALUE PolicyAuthValue;               /**< POLICYAUTHVALUE */
    TPMS_POLICYPASSWORD PolicyPassword;                 /**< POLICYPASSWORD */
    TPMS_POLICYNVWRITTEN PolicyNvWritten;               /**< POLICYNVWRITTEN */
    TPMS_POLICYTEMPLATE PolicyTemplate;                 /**< POLICYTEMPLATE */
    TPMS_POLICYAUTHORIZENV PolicyAuthorizeNv;           /**< POLICYAUTHORIZENV */
    TPMS_POLICYACTION PolicyAction;                     /**< POLICYACTION */
} TPMU_POLICYELEMENT;

/** Policy type TPMT_POLICYELEMENT
 *
 *  A tagged policy element: `type` selects the valid member of `element`.
 */
typedef struct {
    TPMI_POLICYTYPE type;           /**< One of the POLICY* tags above. */
    TPML_DIGEST_VALUES policyDigests; /**< Digests computed for this element. */
    TPMU_POLICYELEMENT element;     /**< Payload; valid member chosen by `type`. */
} TPMT_POLICYELEMENT;

/** Policy type TPML_POLICYELEMENTS
 *
 *  Flexible-array list; `count` must match the allocated number of entries.
 */
struct TPML_POLICYELEMENTS {
    UINT32 count;                   /**< Number of entries in elements[]. */
    TPMT_POLICYELEMENT elements[];  /**< Array of policy elements. */
};

/** Policy type TPMS_POLICY
 *
 *  Top-level policy. The original notes mark members "O" or "X"; these are
 *  presumably optional / required markers for the JSON form — confirm in
 *  the (de)serializer.
 */
typedef struct TPMS_POLICY {
    char *description;              /**< Original note: "O". */
    TPML_DIGEST_VALUES policyDigests; /**< Original note: "O". */
    struct TPML_POLICYAUTHORIZATIONS *policyAuthorizations; /**< Original note: "O". */
    struct TPML_POLICYELEMENTS *policy; /**< Original note: "X". */
} TPMS_POLICY;

#endif /* IFAPI_POLICY_TYPES_H */