1 /* SPDX-License-Identifier: BSD-2-Clause */ 2 /******************************************************************************* 3 * Copyright 2018-2019, Fraunhofer SIT sponsored by Infineon Technologies AG 4 * All rights reserved. 5 ******************************************************************************/ 6 #ifndef FAPI_INT_H 7 #define FAPI_INT_H 8 9 #include "fapi_types.h" 10 #include "ifapi_policy_types.h" 11 #include "ifapi_policy_instantiate.h" 12 #include "ifapi_eventlog.h" 13 #include "ifapi_io.h" 14 #include "ifapi_profiles.h" 15 #include "ifapi_macros.h" 16 #include "ifapi_keystore.h" 17 #include "ifapi_policy_store.h" 18 #include "ifapi_config.h" 19 20 #include <stdlib.h> 21 #include <stdint.h> 22 #include <unistd.h> 23 #include <string.h> 24 #include <inttypes.h> 25 #include <stdarg.h> 26 #include <stdbool.h> 27 #include <sys/stat.h> 28 #include <stdio.h> 29 #include <errno.h> 30 #include <fcntl.h> 31 #include <json-c/json.h> 32 #include <poll.h> 33 34 #include "tss2_esys.h" 35 #include "tss2_fapi.h" 36 37 #define DEFAULT_LOG_DIR "/run/tpm2_tss" 38 #define IFAPI_PCR_LOG_FILE "pcr.log" 39 #define IFAPI_OBJECT_TYPE ".json" 40 #define IFAPI_OBJECT_FILE "object.json" 41 #define IFAPI_SRK_KEY_PATH "/HS/SRK" 42 #define IFAPI_EK_KEY_PATH "/HE/EK" 43 #define IFAPI_HS_PATH "/HS" 44 #define IFAPI_HE_PATH "/HE" 45 #define IFAPI_HN_PATH "/HN" 46 #define IFAPI_LOCKOUT_PATH "/LOCKOUT" 47 #define IFAPI_SRK_OBJECT_PATH "/HS/SRK/object.json" 48 #define IFAPI_HS_OBJECT_PATH "/HS/object.json" 49 50 typedef UINT32 TSS2_KEY_TYPE; 51 #define TSS2_SRK 2 52 #define TSS2_EK 3 53 #define MIN_EK_CERT_HANDLE 0x1c00000 54 #define MIN_PLATFORM_CERT_HANDLE 0x01C08000 55 #define MAX_PLATFORM_CERT_HANDLE 0x01C0FFFF 56 57 typedef UINT8 IFAPI_SESSION_TYPE; 58 #define IFAPI_SESSION_GENEK 0x01 59 #define IFAPI_SESSION1 0x02 60 #define IFAPI_SESSION2 0x04 61 62 #define IFAPI_POLICY_PATH "policy" 63 #define IFAPI_NV_PATH "nv" 64 #define IFAPI_EXT_PATH "ext" 65 #define IFAPI_FILE_DELIM "/" 66 #define IFAPI_LIST_DELIM ":" 67 #define IFAPI_FILE_DELIM_CHAR '/' 68 #define IFAPI_PUB_KEY_DIR "ext" 69 #define IFAPI_POLICY_DIR "policy" 70 #define IFAPI_PEM_PUBLIC_STRING "-----BEGIN PUBLIC KEY-----" 71 #define IFAPI_PEM_PRIVATE_KEY "-----PRIVATE KEY-----" 72 #define IFAPI_JSON_TAG_POLICY "policy" 73 #define IFAPI_JSON_TAG_OBJECT_TYPE "objectType" 74 #define IFAPI_JSON_TAG_DUPLICATE "public_parent" 75 76 #define FAPI_WRITE W_OK 77 #define FAPI_READ R_OK 78 79 #if TPM2_MAX_NV_BUFFER_SIZE > TPM2_MAX_DIGEST_BUFFER 80 #define IFAPI_MAX_BUFFER_SIZE TPM2_MAX_NV_BUFFER_SIZE 81 #else 82 #define IFAPI_MAX_BUFFER_SIZE TPM2_MAX_DIGEST_BUFFER 83 #endif 84 85 #define IFAPI_FLUSH_PARENT true 86 #define IFAPI_NOT_FLUSH_PARENT false 87 88 /* Definition of FAPI buffer for TPM2B transmission */ 89 typedef struct { 90 UINT16 size; 91 BYTE buffer[IFAPI_MAX_BUFFER_SIZE]; 92 } IFAPI_MAX_BUFFER; 93 94 #define OSSL_FREE(S,TYPE) if((S) != NULL) {TYPE##_free((void*) (S)); (S)=NULL;} 95 96 97 #define FAPI_COPY_DIGEST(dest_buffer, dest_size, src, src_size) \ 98 if (src_size > sizeof(TPMU_HA)) { \ 99 return_error(TSS2_FAPI_RC_BAD_VALUE, "Digest size too large."); \ 100 } \ 101 memcpy(dest_buffer, (src), (src_size)); \ 102 dest_size = src_size 103 104 #define HASH_UPDATE(CONTEXT, TYPE, OBJECT, R, LABEL) \ 105 { \ 106 uint8_t buffer[sizeof(TYPE)]; \ 107 size_t offset = 0; \ 108 R = Tss2_MU_ ## TYPE ## _Marshal(OBJECT, \ 109 &buffer[0], sizeof(TYPE), &offset); \ 110 goto_if_error(R, "Marshal for hash update", LABEL); \ 111 R = ifapi_crypto_hash_update(CONTEXT, \ 112 (const uint8_t *) &buffer[0], \ 113 offset); \ 114 goto_if_error(R, "crypto hash update", LABEL); } 115 116 #define HASH_UPDATE_BUFFER(CONTEXT, BUFFER, SIZE, R, LABEL) \ 117 R = ifapi_crypto_hash_update(CONTEXT, \ 118 (const uint8_t *) BUFFER, SIZE) ; \ 119 goto_if_error(R, "crypto hash update", LABEL); 120 121 #define FAPI_SYNC(r,msg,label, ...) \ 122 if (base_rc(r) == TSS2_BASE_RC_TRY_AGAIN) \ 123 return TSS2_FAPI_RC_TRY_AGAIN; \ 124 if (r != TSS2_RC_SUCCESS) { \ 125 LOG_ERROR(TPM2_ERROR_FORMAT " " msg, TPM2_ERROR_TEXT(r), ## __VA_ARGS__); \ 126 goto label; \ 127 } 128 129 /** The states for the FAPI's object authorization state*/ 130 enum IFAPI_GET_CERT_STATE { 131 GET_CERT_INIT = 0, 132 GET_CERT_WAIT_FOR_GET_CAP, 133 GET_CERT_GET_CERT_NV, 134 GET_CERT_GET_CERT_NV_FINISH, 135 GET_CERT_GET_CERT_READ_PUBLIC, 136 GET_CERT_GET_CERT_READ_HIERARCHY, 137 GET_CERT_READ_CERT 138 }; 139 140 /** The states for the FAPI's cleanup after successful command execution*/ 141 enum IFAPI_CLEANUP_STATE { 142 CLEANUP_INIT = 0, 143 CLEANUP_SESSION1, 144 CLEANUP_SESSION2, 145 CLEANUP_SRK 146 }; 147 148 #define IFAPI_MAX_CAP_INFO 17 149 150 typedef struct { 151 char *description; 152 TPMS_CAPABILITY_DATA *capability; 153 } IFAPI_CAP_INFO; 154 155 typedef struct { 156 char *fapi_version; /**< The version string of FAPI */ 157 IFAPI_CONFIG fapi_config; /**< The configuration information */ 158 IFAPI_CAP_INFO cap[IFAPI_MAX_CAP_INFO]; 159 } IFAPI_INFO; 160 161 /** Type for representing FAPI template for keys 162 */ 163 typedef struct { 164 TPMI_YES_NO system; /**< Store the object in the system wide 165 directory */ 166 TPMI_YES_NO persistent; /**< Store key persistent in NV ram. */ 167 UINT32 persistent_handle; /**< < Persistent handle which should be used */ 168 TPM2B_PUBLIC public; /**< Template for public data */ 169 } IFAPI_KEY_TEMPLATE; 170 171 /** Type for representing template for NV objects 172 */ 173 typedef struct { 174 TPMI_YES_NO system; /**< Store the object in the system wide 175 directory */ 176 TPMI_RH_HIERARCHY hierarchy; /**< Hierarchy for NV object. */ 177 char *description; /**< Description of template. */ 178 TPMS_NV_PUBLIC public; /**< Template for public data */ 179 } IFAPI_NV_TEMPLATE; 180 181 /** Type for representing a external public key 182 */ 183 typedef struct { 184 TPMT_SIG_SCHEME sig_scheme; /**< Signature scheme used for quote. */ 185 TPMS_ATTEST attest; /**< Attestation data from Quote */ 186 } FAPI_QUOTE_INFO; 187 188 189 /** The states for the FAPI's NV read state */ 190 enum _FAPI_STATE_NV_READ { 191 NV_READ_INIT = 0, 192 NV_READ_AUTHORIZE, 193 NV_READ_AUTHORIZE2, 194 NV_READ_AUTH_SENT 195 }; 196 197 /** The states for the FAPI's NV write state */ 198 enum _FAPI_STATE_NV_WRITE { 199 NV2_WRITE_INIT = 0, 200 NV2_WRITE_READ, 201 NV2_WRITE_WAIT_FOR_SESSSION, 202 NV2_WRITE_NULL_AUTH_SENT, 203 NV2_WRITE_AUTH_SENT, 204 NV2_WRITE_WRITE_PREPARE, 205 NV2_WRITE_WRITE, 206 NV2_WRITE_AUTHORIZE, 207 NV2_WRITE_AUTHORIZE2 208 }; 209 210 /** The data structure holding internal state of Fapi NV commands. 211 */ 212 typedef struct { 213 char *nvPath ; /**< The name of the file for object serialization */ 214 char *policyPath; /**< The name of the policy file */ 215 TPM2B_NV_PUBLIC public; /**< The public info of the NV object. */ 216 ESYS_TR esys_auth_handle; /**< The ESAPI handle for the NV auth object */ 217 ESYS_TR esys_handle; /**< The ESAPI handle for the NV object */ 218 size_t numBytes; /**< The number of bytes of a ESYS request */ 219 UINT16 bytesRequested; /**< Bytes currently requested from TPM */ 220 UINT16 offset; /**< Offset in TPM memory TPM */ 221 size_t data_idx; /**< Offset in the read buffer */ 222 const uint8_t *data; /**< Buffer for data to be written */ 223 uint8_t *rdata; /**< Buffer for data to be read */ 224 size_t size; /**< size of rdata */ 225 IFAPI_OBJECT auth_object; /**< Object used for authentication */ 226 IFAPI_OBJECT nv_object; /**< Deserialized NV object */ 227 TPM2B_AUTH auth; /**< The Password */ 228 IFAPI_NV nv_obj; /**< The NV Object */ 229 ESYS_TR auth_index; /**< The ESAPI handle of the authorization object */ 230 uint64_t bitmap; /**< The bitmask for the SetBits command */ 231 IFAPI_NV_TEMPLATE public_templ; /**< The template for nv creation, adjusted 232 appropriate by the passed flags */ 233 enum _FAPI_STATE_NV_READ nv_read_state; /**< The current state of NV read */ 234 enum _FAPI_STATE_NV_WRITE nv_write_state; /**< The current state of NV write*/ 235 uint8_t *write_data; 236 char *logData; /**< The event log for NV objects of type pcr */ 237 json_object *jso_event_log; /**< logData in JSON format */ 238 TPMI_RH_NV_INDEX maxNvIndex; /**< Max index for search for free index */ 239 IFAPI_EVENT pcr_event; /**< Event to be added to log */ 240 TPML_DIGEST_VALUES digests; /**< Digest for the event data of an extend */ 241 bool skip_policy_computation; /**< switch whether policy needs to be computed */ 242 } IFAPI_NV_Cmds; 243 244 /** The data structure holding internal state of Fapi_Initialize command. 245 */ 246 typedef struct { 247 TPMS_CAPABILITY_DATA *capability; /* TPM capability data to check available algs */ 248 char **pathlist; /**< The array with all keystore objects */ 249 size_t numPaths; /**< Size of array with all keystore objects */ 250 size_t numNullPrimaries; /**< Number of NULL hierarchy primaries 251 stored in keystore */ 252 size_t primary_idx; /**< Index to the current primary */ 253 size_t path_idx; /**< Index of array with the object paths */ 254 IFAPI_OBJECT *null_primaries; /**< Array of the NULL hierarchy primaries. */ 255 } IFAPI_INITIALIZE; 256 257 /** The data structure holding internal state of Fapi_PCR commands. 258 */ 259 typedef struct { 260 TPML_DIGEST_VALUES digest_list; /**< The digest list computed for the event */ 261 TPML_DIGEST_VALUES *event_digests; /**< The digest list computed by TPM2_Event */ 262 ESYS_TR PCR; /**< The handle of the PCR register to be extended */ 263 TPML_PCR_SELECTION pcr_selection; /**< Selection used for Read and Quote */ 264 TPML_PCR_SELECTION *pcr_selection_out; /**< Selection returned by PCR_Read */ 265 UINT32 update_count; 266 TPML_DIGEST *pcrValues; /* The values returned by PCR_Read */ 267 TPM2_HANDLE pcrIndex; 268 TPMI_ALG_HASH hashAlg; 269 const char *keyPath; /**< The implicit key path for PCR_Quote */ 270 ESYS_TR handle; /**< The ESYS handle of the signing key */ 271 IFAPI_OBJECT *key_object; /**< The IPAPI object of the signing key */ 272 TPMS_CAPABILITY_DATA *capabilityData; /* TPM capability data to check available algs */ 273 uint32_t *pcrList; /**< Array of PCR numbers */ 274 size_t pcrListSize; /**< Size of PCR array */ 275 TPM2B_DATA qualifyingData; /**< Nonce for quote command */ 276 uint8_t const *eventData; 277 TPM2B_EVENT event; 278 size_t eventDataSize; 279 uint32_t const *hashAlgs; 280 uint32_t *hashAlgs2; 281 size_t numHashAlgs; 282 char const *quoteInfo; 283 TPM2B_ATTEST *tpm_quoted; 284 TPMT_SIGNATURE *tpm_signature; 285 uint8_t *signature; 286 size_t signatureSize; 287 char const *logData; 288 char *pcrLog; 289 IFAPI_EVENT pcr_event; 290 json_object *event_list; 291 FAPI_QUOTE_INFO fapi_quote_info; 292 uint8_t *pcrValue; 293 size_t pcrValueSize; 294 char *event_log_file; 295 } IFAPI_PCR; 296 297 /** The data structure holding internal state of Fapi_SetDescription. 298 */ 299 typedef struct { 300 char *description; /**< The description of the object */ 301 UINT8_ARY appData; /**< Application data to be stored in object store. */ 302 IFAPI_OBJECT object; /**< The IPAPI object to store the info*/ 303 char *object_path; /**< The realative path to the object */ 304 json_object *jso; /**< JSON object for storing the AppData */ 305 char *jso_string; /**< JSON deserialized buffer */ 306 } IFAPI_Path_SetDescription; 307 308 /** The data structure holding internal state of Fapi_GetRandom. 309 */ 310 typedef struct { 311 size_t numBytes; /**< The number of random bytes to be generated */ 312 size_t idx; /**< Current position in output buffer. */ 313 UINT16 bytesRequested; /**< Byted currently requested from TPM */ 314 uint8_t *data; /**< The buffer for the random data */ 315 uint8_t *ret_data; /**< The result buffer. */ 316 } IFAPI_GetRandom; 317 318 /** The data structure holding internal state of Fapi_Key_Setcertificate. 319 */ 320 typedef struct { 321 const char *pem_cert; /**< The certifificate in pem or format */ 322 char *pem_cert_dup; /**< The allocate certifificate */ 323 const char *key_path; /**< The absolute key path */ 324 NODE_STR_T *path_list; /**< The computed explicit path */ 325 IFAPI_OBJECT key_object; /**< The IPAPI object for the certified key */ 326 } IFAPI_Key_SetCertificate; 327 328 /** The states for the FAPI's key creation */ 329 enum IFAPI_KEY_CREATE_STATE { 330 KEY_CREATE_INIT = 0, 331 KEY_CREATE_WAIT_FOR_SESSION, 332 KEY_CREATE_WAIT_FOR_PARENT, 333 KEY_CREATE_AUTH_SENT, 334 KEY_CREATE_WAIT_FOR_LOAD_AUTHORIZATION, 335 KEY_CREATE_WAIT_FOR_KEY, 336 KEY_CREATE_WAIT_FOR_HIERARCHY, 337 KEY_CREATE_AUTHORIZE_HIERARCHY, 338 KEY_CREATE_WAIT_FOR_EVICT_CONTROL, 339 KEY_CREATE_WRITE_PREPARE, 340 KEY_CREATE_WRITE, 341 KEY_CREATE_FLUSH1, 342 KEY_CREATE_FLUSH2, 343 KEY_CREATE_CALCULATE_POLICY, 344 KEY_CREATE_WAIT_FOR_AUTHORIZATION, 345 KEY_CREATE_CLEANUP, 346 KEY_CREATE_WAIT_FOR_RANDOM, 347 KEY_CREATE_PRIMARY_INIT, 348 KEY_CREATE_PRIMARY_WAIT_FOR_SESSION, 349 KEY_CREATE_PRIMARY_WAIT_FOR_HIERARCHY, 350 KEY_CREATE_PRIMARY_WAIT_FOR_AUTHORIZE1, 351 KEY_CREATE_PRIMARY_WAIT_FOR_AUTHORIZE2, 352 KEY_CREATE_PRIMARY_WAIT_FOR_PRIMARY, 353 KEY_CREATE_PRIMARY_WAIT_FOR_EVICT_CONTROL, 354 KEY_CREATE_PRIMARY_FLUSH, 355 KEY_CREATE_PRIMARY_WRITE_PREPARE, 356 KEY_CREATE_PRIMARY_WRITE, 357 KEY_CREATE_PRIMARY_CLEANUP 358 }; 359 360 /** The data structure holding internal state of Fapi_CreateKey. 361 */ 362 typedef struct { 363 enum IFAPI_KEY_CREATE_STATE state; 364 const char *keyPath; /**< The pathname from the application */ 365 NODE_STR_T *path_list; /**< The computed explicit path */ 366 IFAPI_OBJECT parent; /**< The parent of the key for used for creation. */ 367 IFAPI_OBJECT object; /**< The current object. */ 368 IFAPI_KEY_TEMPLATE public_templ; /**< The template for the keys public data */ 369 TPM2B_PUBLIC public; /**< The public data of the key */ 370 IFAPI_OBJECT hierarchy; /**< The current used hierarchy for CreatePrimary */ 371 TPM2B_SENSITIVE_CREATE inSensitive; 372 TPM2B_DATA outsideInfo; 373 TPML_PCR_SELECTION creationPCR; 374 ESYS_TR handle; 375 const char *authValue; 376 const char *policyPath; 377 const IFAPI_PROFILE *profile; 378 bool gen_sensitive_random; /**< Switch whether sensitive ransom data 379 has to be created. */ 380 } IFAPI_Key_Create; 381 382 /** The data structure holding internal state of Fapi_EncryptDecrypt. 383 */ 384 typedef struct { 385 char const *keyPath; /**< The implicit key path */ 386 uint8_t const *in_data; 387 size_t in_dataSize; 388 IFAPI_OBJECT *key_object; /**< The IPAPI object for the encryption key */ 389 uint8_t *out_data; /**< The output of symmetric encrypt/decryption */ 390 ESYS_TR key_handle; /**< The ESYS handle of the encryption key */ 391 size_t numBytes; /**< The number of bytes of a ESYS request */ 392 size_t decrypt; /**< Switch whether to encrypt or decrypt */ 393 UINT16 bytesRequested; /**< Bytes currently requested from TPM */ 394 TPMT_RSA_DECRYPT rsa_scheme; 395 ESYS_TR object_handle; 396 char *policy_path; 397 ESYS_TR auth_session; 398 const IFAPI_PROFILE *profile; 399 uint8_t *plainText; 400 size_t plainTextSize; 401 uint8_t *cipherText; 402 size_t cipherTextSize; 403 } IFAPI_Data_EncryptDecrypt; 404 405 /** The states for signing */ 406 enum FAPI_SIGN_STATE { 407 SIGN_INIT = 0, 408 SIGN_WAIT_FOR_SESSION, 409 SIGN_WAIT_FOR_KEY, 410 SIGN_AUTH_SENT, 411 SIGN_WAIT_FOR_FLUSH 412 }; 413 414 /** The data structure holding internal state of Fapi_Sign. 415 */ 416 typedef struct { 417 enum FAPI_SIGN_STATE state; /**< The state of the signing operation */ 418 const char *keyPath; /**< The implicit key path */ 419 ESYS_TR handle; /**< The ESYS handle of the signing key */ 420 TPM2B_DIGEST digest; /**< The digest to be signed */ 421 TPMT_SIG_SCHEME scheme; /**< The signature scheme from profile */ 422 IFAPI_OBJECT *key_object; /**< The IPAPI object of the signing key */ 423 TPMT_SIGNATURE *tpm_signature; /**< The signature in TPM format */ 424 TPMI_YES_NO decrypt; /**< Switch for symmetric algs */ 425 TPMT_SIGNATURE *signature; /**< Produced TPM singature */ 426 char const *padding; /**< Optional padding parameter for key sign. */ 427 char *certificate; /**< Certificate of the signing key. */ 428 uint8_t *ret_signature; /**< Result signature */ 429 size_t signatureSize; 430 char *publicKey; /**< Public key of the signing key. */ 431 } IFAPI_Key_Sign; 432 433 /** The data structure holding internal state of Fapi_Unseal. 434 */ 435 typedef struct { 436 const char *keyPath; /**< The implicit key path */ 437 IFAPI_OBJECT *object; /**< The IPAPI object storing the data to be unsealed */ 438 TPM2B_SENSITIVE_DATA *unseal_data; /** The result of the esys unseal operation */ 439 } IFAPI_Unseal; 440 441 442 /** The data structure holding internal state of Fapi_GetInfo. 443 */ 444 typedef struct { 445 TPMS_CAPABILITY_DATA *capability_data; /**< The TPM capability for one property */ 446 TPMS_CAPABILITY_DATA *fetched_data; /**< The data fetched in one TPM command */ 447 size_t idx_info_cap; 448 IFAPI_INFO info_obj; 449 UINT32 property_count; 450 UINT32 property; 451 } IFAPI_GetInfo; 452 453 /** The states for the FAPI's hierarchy authorization state*/ 454 enum IFAPI_HIERACHY_AUTHORIZATION_STATE { 455 HIERARCHY_CHANGE_AUTH_INIT = 0, 456 HIERARCHY_CHANGE_AUTH_NULL_AUTH_SENT, 457 HIERARCHY_CHANGE_AUTH_AUTH_SENT 458 }; 459 460 /** The states for the FAPI's change policy authorization state*/ 461 enum IFAPI_HIERACHY_POLICY_AUTHORIZATION_STATE { 462 HIERARCHY_CHANGE_POLICY_INIT = 0, 463 HIERARCHY_CHANGE_POLICY_NULL_AUTH_SENT, 464 HIERARCHY_CHANGE_POLICY_AUTHORIZE, 465 HIERARCHY_CHANGE_POLICY_AUTH_SENT 466 }; 467 468 /** The data structure holding internal state of Fapi_ChangeAuth. 469 */ 470 typedef struct { 471 const char *entityPath; /**< The implicit key path */ 472 ESYS_TR handle; /**< The ESYS handle of the key */ 473 IFAPI_OBJECT *key_object; /**< The IPAPI object of the key */ 474 const char *authValue; /**< The new auth value */ 475 TPM2B_AUTH newAuthValue; /**< The new auth value */ 476 TPM2B_PRIVATE *newPrivate; /**< New private data created by parend */ 477 IFAPI_OBJECT object; /**< Deserialized NV object or hierarchy */ 478 ESYS_TR nv_index; /**< NV handle of the object to be changed */ 479 ESYS_TR hierarchy_handle; /**< NV handle of the hierarchy to be changed */ 480 } IFAPI_Entity_ChangeAuth; 481 482 /** The data structure holding internal state of Fapi_AuthorizePolicy. 483 */ 484 typedef struct { 485 const char *policyPath; /**< Policy with Policy to be authorized */ 486 const char *signingKeyPath; /**< Key for policy signing */ 487 TPM2B_DIGEST policyRef; 488 TPMS_POLICYAUTHORIZATION authorization; 489 } IFAPI_Fapi_AuthorizePolicy; 490 491 /** The data structure holding internal state of Fapi_WriteAuthorizeNv. 492 */ 493 typedef struct { 494 const char *policyPath; /**< Policy with Policy to be authorized */ 495 TPMI_ALG_HASH *hash_alg; /**< The hash alg used for digest computation */ 496 size_t hash_size; /**< The digest size */ 497 size_t digest_idx; /**< The index of the digest in the policy */ 498 } IFAPI_api_WriteAuthorizeNv; 499 500 /** The data structure holding internal state of Provisioning. 501 */ 502 typedef struct { 503 IFAPI_OBJECT hierarchy_lockout; /**< The lockout hierarchy */ 504 IFAPI_OBJECT hierarchy_hs; /**< The storage hierarchy */ 505 IFAPI_OBJECT hierarchy_he; /**< The endorsement hierarchy */ 506 IFAPI_OBJECT hierarchy_hn; /**< The null hierarchy */ 507 IFAPI_OBJECT *hierarchy; /**< The current hierarchy */ 508 TPMS_POLICY *hierarchy_policy; /**< Policy of the current used hierarchy. */ 509 IFAPI_KEY_TEMPLATE public_templ; /**< The basic template for the keys public data */ 510 TPM2B_PUBLIC public; /**< The public info of the created primary */ 511 char **pathlist; /**< The array with all keystore objects */ 512 size_t numPaths; /**< Size of array with all keystore objects */ 513 size_t numHierarchyObjects; /**< Number of hierarchies stored in keystore */ 514 size_t hiearchy_idx; /**< Index to the current hierarchy */ 515 size_t path_idx; /**< Index of array with the object paths */ 516 IFAPI_OBJECT *hierarchies; /**< Array of the hierarchies stored in keystore. */ 517 TPM2B_SENSITIVE_CREATE inSensitive; 518 TPM2B_DATA outsideInfo; 519 TPML_PCR_SELECTION creationPCR; 520 ESYS_TR handle; 521 const char *authValueLockout; 522 const char *authValueEh; 523 const char *policyPathEh; 524 const char *authValueSh; 525 const char *policyPathSh; 526 size_t digest_idx; 527 size_t hash_size; 528 TPM2_HANDLE cert_nv_idx; 529 TPM2B_NV_PUBLIC *nvPublic; 530 ESYS_TR esys_nv_cert_handle; 531 char *pem_cert; 532 TPM2_ALG_ID cert_key_type; 533 size_t cert_count; 534 size_t cert_idx; 535 TPMS_CAPABILITY_DATA *capabilityData; 536 IFAPI_OBJECT hierarchy_object; 537 TPM2B_AUTH hierarchy_auth; 538 TPM2B_DIGEST policy_digest; 539 char *intermed_crt; 540 char *root_crt; 541 TPMA_PERMANENT auth_state; 542 ESYS_TR srk_esys_handle; 543 ESYS_TR ek_esys_handle; 544 ESYS_TR srk_tpm_handle; 545 ESYS_TR ek_tpm_handle; 546 } IFAPI_Provision; 547 548 /** The data structure holding internal state of regenerate primary key. 549 */ 550 typedef struct { 551 char *path; /**< Path of the primary (starting with hierarchy) */ 552 IFAPI_OBJECT hierarchy; /**< The current used hierarchy for CreatePrimary */ 553 IFAPI_OBJECT pkey_object; 554 TPM2B_SENSITIVE_CREATE inSensitive; 555 TPM2B_DATA outsideInfo; 556 TPML_PCR_SELECTION creationPCR; 557 ESYS_TR handle; 558 TPMI_DH_PERSISTENT persistent_handle; 559 TPMS_CAPABILITY_DATA *capabilityData; 560 } IFAPI_CreatePrimary; 561 562 /** The data structure holding internal state of key verify signature. 563 */ 564 typedef struct { 565 const char *keyPath; 566 uint8_t const *signature; 567 size_t signatureSize; 568 uint8_t const *digest; 569 size_t digestSize; 570 IFAPI_OBJECT key_object; 571 } IFAPI_Key_VerifySignature; 572 573 /** The states for the FAPI's policy loading */ 574 enum IFAPI_STATE_POLICY { 575 POLICY_INIT = 0, 576 POLICY_READ, 577 POLICY_READ_FINISH, 578 POLICY_INSTANTIATE_PREPARE, 579 POLICY_INSTANTIATE, 580 POLICY_EXECUTE, 581 POLICY_FLUSH 582 }; 583 584 typedef struct IFAPI_POLICY_EXEC_CTX IFAPI_POLICY_EXEC_CTX; 585 typedef struct IFAPI_POLICYUTIL_STACK IFAPI_POLICYUTIL_STACK; 586 587 /** The states for session creation */ 588 enum FAPI_CREATE_SESSION_STATE { 589 CREATE_SESSION_INIT = 0, 590 CREATE_SESSION, 591 WAIT_FOR_CREATE_SESSION 592 }; 593 594 /** The data structure holding internal policy state. 595 */ 596 typedef struct { 597 enum IFAPI_STATE_POLICY state; 598 struct TPMS_POLICY policy; 599 size_t digest_idx; 600 size_t hash_size; 601 char **pathlist; /**< The array of all objects in the search path */ 602 TPMI_ALG_HASH hash_alg; 603 IFAPI_POLICY_EXEC_CTX *policy_stack; /**< The stack used for storing current policy information. 604 e.g. for retry the current index of policy elements hash 605 to be stored. */ 606 IFAPI_POLICYUTIL_STACK *util_current_policy; 607 IFAPI_POLICYUTIL_STACK *policyutil_stack; 608 /**< The stack used for storing current policy information. 609 e.g. for retry the current index of policy elements hash 610 to be stored. */ 611 ESYS_TR session; /**< Auxiliary variable to store created policy session. 612 The value will also be stored in the policy stack */ 613 enum FAPI_CREATE_SESSION_STATE create_session_state; 614 char *path; 615 IFAPI_POLICY_EVAL_INST_CTX eval_ctx; 616 } IFAPI_POLICY_CTX; 617 618 /** The states for the IFAPI's policy loading */ 619 enum IFAPI_STATE_FILE_SEARCH { 620 FSEARCH_INIT = 0, 621 FSEARCH_READ, 622 FSEARCH_OBJECT 623 }; 624 625 /** The data structure holding internal policy state. 626 */ 627 typedef struct { 628 enum IFAPI_STATE_FILE_SEARCH state; 629 char **pathlist; /**< The array of all objects in the search path */ 630 size_t path_idx; /**< Index of array of objects to be searched */ 631 size_t numPaths; /**< Number of all objects in data store */ 632 char *current_path; 633 } IFAPI_FILE_SEARCH_CTX; 634 635 /** The states for the FAPI's key loading */ 636 enum _FAPI_STATE_LOAD_KEY { 637 LOAD_KEY_GET_PATH = 0, 638 LOAD_KEY_READ_KEY, 639 LOAD_KEY_WAIT_FOR_PRIMARY, 640 LOAD_KEY_LOAD_KEY, 641 LOAD_KEY_AUTH, 642 LOAD_KEY_AUTHORIZE 643 }; 644 645 /** The data structure holding internal state of export key. 646 */ 647 typedef struct { 648 char const *pathOfKeyToDuplicate; /**< The relative path of the key to be exported */ 649 char const *pathToPublicKeyOfNewParent; /**< The relative path of the new parent */ 650 TPM2B_PUBLIC public_parent; /**< The public key of the new parent */ 651 IFAPI_OBJECT *key_object; /**< The IPAPI object of the key to be duplicated */ 652 IFAPI_OBJECT export_tree; /**< The complete tree to be exported */ 653 IFAPI_OBJECT pub_key; /**< The public part of the new parent */ 654 IFAPI_OBJECT dup_key; /**< The key to be duplicated or exported */ 655 struct TPMS_POLICY policy; 656 ESYS_TR handle_ext_key; 657 char *exportedData; 658 } IFAPI_ExportKey; 659 660 /** The data structure holding internal state of export policy. 661 */ 662 typedef struct { 663 char const *path; /**< Path of the object with the policy to be 664 exported */ 665 IFAPI_OBJECT object; /**< Object corresponding to path */ 666 TPMS_POLICY policy; /**< Policy from store be exported */ 667 TPMI_ALG_HASH hashAlg; /**< Index of profile used for digest computation. */ 668 size_t profile_idx; /**< hashAlg used for policy digest computation. */ 669 bool compute_policy; /**< Switch whether computation of the 670 policy for the default name hash alg 671 is needed. */ 672 } IFAPI_ExportPolicy; 673 674 /** The data structure holding internal state of import key. 675 */ 676 typedef struct { 677 IFAPI_OBJECT object; 678 TPM2B_NAME parent_name; 679 IFAPI_OBJECT *parent_object; 680 IFAPI_OBJECT new_object; 681 char *parent_path; 682 char *out_path; 683 TPM2B_PRIVATE *private; 684 char *jso_string; 685 const IFAPI_PROFILE *profile; 686 } IFAPI_ImportKey; 687 688 689 /** The data structure holding internal state of loading keys. 690 */ 691 typedef struct { 692 enum _FAPI_STATE_LOAD_KEY state; /**< The current state of key loading */ 693 NODE_STR_T *path_list; /**< The current used hierarchy for CreatePrimary */ 694 NODE_OBJECT_T *key_list; 695 IFAPI_OBJECT auth_object; 696 size_t position; 697 ESYS_TR handle; 698 ESYS_TR parent_handle; 699 bool parent_handle_persistent; 700 IFAPI_OBJECT *key_object; 701 char *key_path; 702 } IFAPI_LoadKey; 703 704 /** The data structure holding internal state of entity delete. 705 */ 706 typedef struct { 707 bool is_key; /**< Entity to be deleted is a key */ 708 bool is_persistent_key; /**< Entity to be deleted is a key */ 709 ESYS_TR new_object_handle; 710 TPM2_HANDLE permanentHandle; /**< The TPM permanent handle */ 711 IFAPI_OBJECT auth_object; /**< Object used for authentication */ 712 ESYS_TR auth_index; /**< The ESAPI handle of the nv authorization object */ 713 char *path; /**< The name of the file to be deleted */ 714 IFAPI_OBJECT object; /**< Deserialized object */ 715 char **pathlist; /**< The array with the object files to be deleted */ 716 size_t numPaths; /**< Size of array with the object files to be deleted */ 717 size_t path_idx; /**< Index of array with the object files to be deleted */ 718 } IFAPI_Entity_Delete; 719 720 /** The data structure holding internal state of esys get blob. 721 */ 722 typedef struct { 723 uint8_t type; /**< type of blob to be returned */ 724 uint8_t *data; /**< data of the blob to be returned */ 725 size_t length; /**< The size of the data to be returned */ 726 bool is_key; /**< Object is a key */ 727 bool is_persistent_key; /**< Object is a persistent key */ 728 ESYS_TR new_object_handle; 729 TPM2_HANDLE permanentHandle; /**< The TPM permanent handle */ 730 IFAPI_OBJECT auth_object; /**< Object used for authentication */ 731 ESYS_TR auth_index; /**< The ESAPI handle of the nv authorization object */ 732 char *path; /**< The path of the object */ 733 IFAPI_OBJECT object; /**< Deserialized object */ 734 IFAPI_OBJECT *key_object; /**< Loaded key object */ 735 } IFAPI_GetEsysBlob; 736 737 /** The data structure holding internal state of list entities. 738 */ 739 typedef struct { 740 const char *searchPath; /**< The path to searched for objectws */ 741 } IFAPI_Entities_List; 742 743 /** Union for all input parameters. 744 * 745 * The input parameters of a command need to be stored in order to enable 746 * resubmission. This type provides the corresponding facilities. 747 */ 748 typedef union { 749 IFAPI_Provision Provision; 750 IFAPI_Key_Create Key_Create; 751 IFAPI_Key_SetCertificate Key_SetCertificate; 752 IFAPI_Entity_ChangeAuth Entity_ChangeAuth; 753 IFAPI_Entity_Delete Entity_Delete; 754 IFAPI_GetEsysBlob GetEsysBlob; 755 IFAPI_Entities_List Entities_List; 756 IFAPI_Key_VerifySignature Key_VerifySignature; 757 IFAPI_Data_EncryptDecrypt Data_EncryptDecrypt; 758 IFAPI_PCR pcr; 759 IFAPI_INITIALIZE Initialize; 760 IFAPI_Path_SetDescription path_set_info; 761 IFAPI_Fapi_AuthorizePolicy Policy_AuthorizeNewPolicy; 762 IFAPI_api_WriteAuthorizeNv WriteAuthorizeNV; 763 IFAPI_ExportKey ExportKey; 764 IFAPI_ImportKey ImportKey; 765 IFAPI_Unseal Unseal; 766 IFAPI_GetInfo GetInfo; 767 IFAPI_ExportPolicy ExportPolicy; 768 } IFAPI_CMD_STATE; 769 770 /** The states for the FAPI's primary key regeneration */ 771 enum _FAPI_STATE_PRIMARY { 772 PRIMARY_INIT = 0, 773 PRIMARY_READ_KEY, 774 PRIMARY_READ_HIERARCHY, 775 PRIMARY_READ_HIERARCHY_FINISH, 776 PRIMARY_AUTHORIZE_HIERARCHY, 777 PRIMARY_WAIT_FOR_PRIMARY, 778 PRIMARY_HAUTH_SENT, 779 PRIMARY_CREATED, 780 PRIMARY_VERIFY_PERSISTENT, 781 PRIMARY_GET_CAP 782 }; 783 784 /** The states for the FAPI's primary key regeneration */ 785 enum _FAPI_STATE_SESSION { 786 SESSION_INIT = 0, 787 SESSION_WAIT_FOR_PRIMARY, 788 SESSION_CREATE_SESSION, 789 SESSION_WAIT_FOR_SESSION1, 790 SESSION_WAIT_FOR_SESSION2 791 }; 792 793 /** The states for the FAPI's get random state */ 794 enum _FAPI_STATE_GET_RANDOM { 795 GET_RANDOM_INIT = 0, 796 GET_RANDOM_SENT 797 }; 798 799 /** The states for flushing objects */ 800 enum _FAPI_FLUSH_STATE { 801 FLUSH_INIT = 0, 802 WAIT_FOR_FLUSH 803 }; 804 805 /** The states for the FAPI's internal state machine */ 806 enum _FAPI_STATE { 807 _FAPI_STATE_INIT = 0, /**< The initial state after creation or after 808 finishing a command. A new command can only 809 be issued in this state. */ 810 _FAPI_STATE_INTERNALERROR, /**< A non-recoverable error occurred within the 811 ESAPI code. */ 812 INITIALIZE_READ, 813 INITIALIZE_INIT_TCTI, 814 INITIALIZE_GET_CAP, 815 INITIALIZE_WAIT_FOR_CAP, 816 INITIALIZE_READ_PROFILE, 817 INITIALIZE_READ_PROFILE_INIT, 818 INITIALIZE_READ_TIME, 819 INITIALIZE_CHECK_NULL_PRIMARY, 820 INITIALIZE_READ_NULL_PRIMARY, 821 PROVISION_WAIT_FOR_GET_CAP_AUTH_STATE, 822 PROVISION_WAIT_FOR_GET_CAP0, 823 PROVISION_WAIT_FOR_GET_CAP1, 824 PROVISION_INIT_GET_CAP2, 825 PROVISION_WAIT_FOR_GET_CAP2, 826 PROVISION_GET_CERT_NV, 827 PROVISION_GET_CERT_NV_FINISH, 828 PROVISION_GET_CERT_READ_PUBLIC, 829 PROVISION_READ_CERT, 830 PROVISION_PREPARE_READ_ROOT_CERT, 831 PROVISION_READ_ROOT_CERT, 832 PROVISION_INIT, 833 PROVISION_INIT_SRK, 834 PROVISION_WAIT_FOR_EK_SESSION, 835 PROVISION_WAIT_FOR_SRK_SESSION, 836 PROVISION_AUTH_EK_NO_AUTH_SENT, 837 PROVISION_AUTH_EK_AUTH_SENT, 838 PROVISION_AUTH_SRK_NO_AUTH_SENT, 839 PROVISION_AUTH_SRK_AUTH_SENT, 840 PROVISION_CLEAN_EK_SESSION, 841 PROVISION_CLEAN_SRK_SESSION, 842 PROVISION_EK_WRITE_PREPARE, 843 PROVISION_EK_WRITE, 844 PROVISION_EK_CHECK_CERT, 845 PROVISION_SRK_WRITE_PREPARE, 846 PROVISION_SRK_WRITE, 847 PROVISION_WAIT_FOR_EK_PERSISTENT, 848 PROVISION_WAIT_FOR_SRK_PERSISTENT, 849 PROVISION_CHANGE_LOCKOUT_AUTH, 850 PROVISION_CHANGE_EH_CHECK, 851 PROVISION_CHANGE_EH_AUTH, 852 PROVISION_CHANGE_SH_CHECK, 853 PROVISION_CHANGE_SH_AUTH, 854 PROVISION_EH_CHANGE_POLICY, 855 PROVISION_SH_CHANGE_POLICY, 856 PROVISION_LOCKOUT_CHANGE_POLICY, 857 PROVISION_FINISHED, 858 PROVISION_WRITE_SH, 859 PROVISION_WRITE_EH, 860 PROVISION_PREPARE_NULL, 861 PROVISION_WRITE_NULL, 862 PROVISION_WRITE_LOCKOUT, 863 PROVISION_WRITE_LOCKOUT_PARAM, 864 PROVISION_PREPARE_LOCKOUT_PARAM, 865 PROVISION_AUTHORIZE_LOCKOUT, 866 PROVISION_FLUSH_SRK, 867 PROVISION_FLUSH_EK, 868 PROVISION_CHECK_FOR_VENDOR_CERT, 869 PROVISION_GET_VENDOR, 870 PROVISION_GET_HIERARCHIES, 871 PROVISION_READ_HIERARCHIES, 872 PROVISION_READ_HIERARCHY, 873 PROVISION_WRITE_HIERARCHIES, 874 PROVISION_WRITE_HIERARCHY, 875 PROVISION_PREPARE_GET_CAP_AUTH_STATE, 876 877 KEY_CREATE, 878 KEY_CREATE_PRIMARY, 879 880 CREATE_SEAL, 881 882 KEY_SET_CERTIFICATE_READ, 883 KEY_SET_CERTIFICATE_WRITE, 884 885 KEY_GET_CERTIFICATE_READ, 886 887 GET_RANDOM_WAIT_FOR_SESSION, 888 GET_RANDOM_WAIT_FOR_RANDOM, 889 GET_RANDOM_CLEANUP, 890 891 NV_CREATE_READ_PROFILE, 892 NV_CREATE_READ_HIERARCHY, 893 NV_CREATE_AUTHORIZE_HIERARCHY, 894 NV_CREATE_GET_INDEX, 895 NV_CREATE_FIND_INDEX, 896 NV_CREATE_WAIT_FOR_SESSION, 897 898 NV_CREATE_AUTH_SENT, 899 NV_CREATE_WRITE, 900 NV_CREATE_CALCULATE_POLICY, 901 902 NV_WRITE_READ, 903 NV_WRITE_WRITE, 904 NV_WRITE_CLEANUP, 905 906 NV_EXTEND_READ, 907 NV_EXTEND_WAIT_FOR_SESSION, 908 NV_EXTEND_AUTHORIZE, 909 NV_EXTEND_AUTH_SENT, 910 NV_EXTEND_WRITE, 911 NV_EXTEND_CLEANUP, 912 913 NV_INCREMENT_READ, 914 NV_INCREMENT_WAIT_FOR_SESSION, 915 NV_INCREMENT_AUTHORIZE, 916 NV_INCREMENT_AUTH_SENT, 917 NV_INCREMENT_WRITE, 918 NV_INCREMENT_CLEANUP, 919 920 NV_SET_BITS_READ, 921 NV_SET_BITS_WAIT_FOR_SESSION, 922 NV_SET_BITS_AUTHORIZE, 923 NV_SET_BITS_AUTH_SENT, 924 NV_SET_BITS_WRITE, 925 NV_SET_BITS_CLEANUP, 926 927 NV_READ_READ, 928 NV_READ_WAIT, 929 NV_READ_WAIT_FOR_SESSION, 930 NV_READ_CLEANUP, 931 932 ENTITY_DELETE_GET_FILE, 933 ENTITY_DELETE_READ, 934 ENTITY_DELETE_WAIT_FOR_SESSION, 935 ENTITY_DELETE_NULL_AUTH_SENT_FOR_KEY, 936 ENTITY_DELETE_AUTH_SENT_FOR_KEY, 937 ENTITY_DELETE_NULL_AUTH_SENT_FOR_NV, 938 ENTITY_DELETE_AUTH_SENT_FOR_NV, 939 ENTITY_DELETE_KEY, 940 ENTITY_DELETE_KEY_WAIT_FOR_HIERARCHY, 941 ENTITY_DELETE_KEY_WAIT_FOR_AUTHORIZATION, 942 ENTITY_DELETE_AUTHORIZE_NV, 943 ENTITY_DELETE_FILE, 944 ENTITY_DELETE_POLICY, 945 ENTITY_DELETE_REMOVE_DIRS, 946 ENTITY_DELETE_CLEANUP, 947 ENTITY_DELETE_READ_HIERARCHY, 948 949 GET_ESYS_BLOB_GET_FILE, 950 GET_ESYS_BLOB_READ, 951 GET_ESYS_BLOB_NULL_AUTH_SENT_FOR_KEY, 952 GET_ESYS_BLOB_AUTH_SENT_FOR_KEY, 953 GET_ESYS_BLOB_NULL_AUTH_SENT_FOR_NV, 954 GET_ESYS_BLOB_AUTH_SENT_FOR_NV, 955 GET_ESYS_BLOB_KEY, 956 GET_ESYS_BLOB_WAIT_FOR_KEY, 957 GET_ESYS_BLOB_WAIT_FOR_CONTEXT_SAVE, 958 GET_ESYS_BLOB_SERIALIZE, 959 GET_ESYS_BLOB_FILE, 960 GET_ESYS_BLOB_WAIT_FOR_FLUSH, 961 GET_ESYS_BLOB_CLEANUP, 962 963 ENTITY_GET_TPM_BLOBS_READ, 964 965 KEY_SIGN_WAIT_FOR_KEY, 966 KEY_SIGN_WAIT_FOR_SIGN, 967 KEY_SIGN_CLEANUP, 968 969 ENTITY_CHANGE_AUTH_WAIT_FOR_SESSION, 970 ENTITY_CHANGE_AUTH_WAIT_FOR_KEY, 971 ENTITY_CHANGE_AUTH_AUTH_SENT, 972 ENTITY_CHANGE_AUTH_WAIT_FOR_FLUSH, 973 ENTITY_CHANGE_AUTH_WRITE_PREPARE, 974 ENTITY_CHANGE_AUTH_WRITE, 975 ENTITY_CHANGE_AUTH_WAIT_FOR_KEY_AUTH, 976 ENTITY_CHANGE_AUTH_WAIT_FOR_NV_READ, 977 ENTITY_CHANGE_AUTH_WAIT_FOR_NV_AUTH, 978 ENTITY_CHANGE_AUTH_WAIT_FOR_NV_CHANGE_AUTH, 979 ENTITY_CHANGE_AUTH_HIERARCHY_CHANGE_AUTH, 980 ENTITY_CHANGE_AUTH_HIERARCHY_READ, 981 ENTITY_CHANGE_AUTH_HIERARCHY_AUTHORIZE, 982 ENTITY_CHANGE_AUTH_CLEANUP, 983 984 DATA_ENCRYPT_WAIT_FOR_PROFILE, 985 DATA_ENCRYPT_WAIT_FOR_SESSION, 986 DATA_ENCRYPT_WAIT_FOR_KEY, 987 DATA_ENCRYPT_WAIT_FOR_FLUSH, 988 DATA_ENCRYPT_WAIT_FOR_RSA_ENCRYPTION, 989 DATA_ENCRYPT_CLEAN, 990 991 DATA_DECRYPT_WAIT_FOR_PROFILE, 992 DATA_DECRYPT_WAIT_FOR_SESSION, 993 DATA_DECRYPT_WAIT_FOR_KEY, 994 DATA_DECRYPT_WAIT_FOR_FLUSH, 995 DATA_DECRYPT_WAIT_FOR_RSA_DECRYPTION, 996 DATA_DECRYPT_AUTHORIZE_KEY, 997 DATA_DECRYPT_CLEANUP, 998 999 PCR_EXTEND_WAIT_FOR_SESSION, 1000 PCR_EXTEND_WAIT_FOR_GET_CAP, 1001 PCR_EXTEND_READ_EVENT_LOG, 1002 PCR_EXTEND_APPEND_EVENT_LOG, 1003 PCR_EXTEND_FINISH, 1004 PCR_EXTEND_CLEANUP, 1005 1006 PCR_READ_READ_PCR, 1007 PCR_READ_READ_EVENT_LIST, 1008 1009 PCR_QUOTE_WAIT_FOR_GET_CAP, 1010 PCR_QUOTE_WAIT_FOR_SESSION, 1011 PCR_QUOTE_WAIT_FOR_KEY, 1012 PCR_QUOTE_AUTH_SENT, 1013 PCR_QUOTE_AUTHORIZE, 1014 PCR_QUOTE_WAIT_FOR_FLUSH, 1015 PCR_QUOTE_READ_EVENT_LIST, 1016 PCR_QUOTE_CLEANUP, 1017 1018 PATH_SET_DESCRIPTION_READ, 1019 PATH_SET_DESCRIPTION_WRITE, 1020 1021 PATH_GET_DESCRIPTION_READ, 1022 1023 APP_DATA_SET_READ, 1024 APP_DATA_SET_WRITE, 1025 1026 AUTHORIZE_NEW_CALCULATE_POLICY, 1027 AUTHORIZE_NEW_LOAD_KEY, 1028 AUTHORIZE_NEW_KEY_SIGN_POLICY, 1029 AUTHORIZE_NEW_WRITE_POLICY_PREPARE, 1030 AUTHORIZE_NEW_WRITE_POLICY, 1031 AUTHORIZE_NEW_CLEANUP, 1032 1033 WRITE_AUTHORIZE_NV_READ_NV, 1034 WRITE_AUTHORIZE_NV_CALCULATE_POLICY, 1035 WRITE_AUTHORIZE_NV_WRITE_NV_RAM_PREPARE, 1036 WRITE_AUTHORIZE_NV_WRITE_NV_RAM, 1037 WRITE_AUTHORIZE_NV_WRITE_OBJCECT, 1038 WRITE_AUTHORIZE_NV_WRITE_POLICY_PREPARE, 1039 WRITE_AUTHORIZE_NV_WRITE_POLICY, 1040 WRITE_AUTHORIZE_NV_CLEANUP, 1041 1042 EXPORT_KEY_READ_PUB_KEY, 1043 EXPORT_KEY_READ_PUB_KEY_PARENT, 1044 EXPORT_KEY_WAIT_FOR_KEY, 1045 EXPORT_KEY_WAIT_FOR_DUPLICATE, 1046 EXPORT_KEY_WAIT_FOR_EXT_KEY, 1047 EXPORT_KEY_WAIT_FOR_AUTHORIZATON, 1048 EXPORT_KEY_WAIT_FOR_FLUSH1, 1049 EXPORT_KEY_WAIT_FOR_FLUSH2, 1050 EXPORT_KEY_CLEANUP, 1051 1052 IMPORT_KEY_WRITE_POLICY, 1053 IMPORT_KEY_WRITE, 1054 IMPORT_KEY_SEARCH, 1055 IMPORT_KEY_LOAD_PARENT, 1056 IMPORT_KEY_AUTHORIZE_PARENT, 1057 IMPORT_KEY_IMPORT, 1058 IMPORT_KEY_WAIT_FOR_FLUSH, 1059 IMPORT_KEY_WRITE_OBJECT_PREPARE, 1060 IMPORT_KEY_WRITE_OBJECT, 1061 IMPORT_KEY_CLEANUP, 1062 IMPORT_WAIT_FOR_SESSION, 1063 IMPORT_WAIT_FOR_PARENT, 1064 IMPORT_WAIT_FOR_AUTHORIZATION, 1065 IMPORT_WAIT_FOR_KEY, 1066 IMPORT_WRITE, 1067 IMPORT_FLUSH_PARENT, 1068 IMPORT_FLUSH_KEY, 1069 IMPORT_CLEANUP, 1070 1071 UNSEAL_WAIT_FOR_KEY, 1072 UNSEAL_AUTHORIZE_OBJECT, 1073 UNSEAL_WAIT_FOR_UNSEAL, 1074 UNSEAL_WAIT_FOR_FLUSH, 1075 UNSEAL_CLEANUP, 1076 1077 GET_PLATFORM_CERTIFICATE, 1078 1079 POLICY_EXPORT_READ_OBJECT, 1080 POLICY_EXPORT_READ_OBJECT_FINISH, 1081 POLICY_EXPORT_READ_POLICY, 1082 POLICY_EXPORT_READ_POLICY_FINISH, 1083 POLICY_EXPORT_CHECK_DIGEST, 1084 POLICY_EXPORT_COMPUTE_POLICY_DIGEST, 1085 1086 VERIFY_QUOTE_READ, 1087 1088 GET_INFO_GET_CAP, 1089 GET_INFO_GET_CAP_MORE, 1090 GET_INFO_WAIT_FOR_CAP 1091 }; 1092 1093 /** Structure holding FAPI callbacks and userData 1094 * 1095 * This structure holds the callback pointers and corresponding userData pointers for each of the 1096 * three callback types of FAPI. They are set using Fapi_SetAuthCB, Fapi_SetBranchCB and 1097 * Fapi_SetSignCB. 1098 */ 1099 struct IFAPI_CALLBACKS { 1100 Fapi_CB_Auth auth; 1101 void *authData; 1102 Fapi_CB_Branch branch; 1103 void *branchData; 1104 Fapi_CB_Sign sign; 1105 void *signData; 1106 Fapi_CB_PolicyAction action; 1107 void *actionData; 1108 }; 1109 1110 /** The data structure holding internal state information. 1111 * 1112 * Each FAPI_CONTEXT respresents a logically independent connection to the TPM. 1113 * It stores meta data information about object in order to calculate session 1114 * auths and similar things. 1115 */ 1116 struct FAPI_CONTEXT { 1117 ESYS_CONTEXT *esys; /**< The ESYS context used internally to talk to 1118 the TPM. */ 1119 struct IFAPI_CALLBACKS callbacks; /**< Callbacks for user interaction from FAPI */ 1120 struct IFAPI_IO io; 1121 struct IFAPI_EVENTLOG eventlog; 1122 struct IFAPI_KEYSTORE keystore; 1123 struct IFAPI_POLICY_STORE pstore; 1124 struct IFAPI_PROFILES profiles; 1125 TPMS_TIME_INFO init_time; /**< The current time during FAPI initialization. **/ 1126 1127 enum _FAPI_STATE state; /**< The current state of the command execution */ 1128 enum _FAPI_STATE_PRIMARY primary_state; /**< The current state of the primary regeneration */ 1129 enum _FAPI_STATE_SESSION session_state; /**< The current state of the session creation */ 1130 enum _FAPI_STATE_GET_RANDOM get_random_state; /**< The current state of get random */ 1131 enum IFAPI_HIERACHY_AUTHORIZATION_STATE hierarchy_state; 1132 enum IFAPI_HIERACHY_POLICY_AUTHORIZATION_STATE hierarchy_policy_state; 1133 enum IFAPI_GET_CERT_STATE get_cert_state; 1134 enum _FAPI_FLUSH_STATE flush_object_state; /**< The current state of a flush operation */ 1135 enum IFAPI_CLEANUP_STATE cleanup_state; /**< The state of cleanup after command execution */ 1136 IFAPI_CONFIG config; /**< The profile independent configuration data */ 1137 UINT32 nv_buffer_max; /**< The maximal size for transfer of nv buffer content */ 1138 IFAPI_CMD_STATE cmd; /**< The state information of the currently executed 1139 command */ 1140 IFAPI_NV_Cmds nv_cmd; 1141 IFAPI_GetRandom get_random; 1142 IFAPI_CreatePrimary createPrimary; 1143 IFAPI_LoadKey loadKey; 1144 ESYS_TR session1; /**< The first session used by FAPI */ 1145 ESYS_TR session2; /**< The second session used by FAPI */ 1146 ESYS_TR policy_session; /**< The policy session used by FAPI */ 1147 ESYS_TR ek_handle; 1148 ESYS_TR srk_handle; 1149 TPMI_DH_PERSISTENT ek_persistent; 1150 TPMI_DH_PERSISTENT srk_persistent; 1151 IFAPI_SESSION_TYPE session_flags; 1152 TPMA_SESSION session1_attribute_flags; 1153 TPMA_SESSION session2_attribute_flags; 1154 IFAPI_MAX_BUFFER aux_data; /**< tpm2b data to be transferred */ 1155 IFAPI_POLICY_CTX policy; /**< The context of current policy. */ 1156 IFAPI_FILE_SEARCH_CTX fsearch; /**< The context for object search in key/policy store */ 1157 IFAPI_Key_Sign Key_Sign; /**< State information for key signing */ 1158 enum IFAPI_IO_STATE io_state; 1159 NODE_OBJECT_T *object_list; 1160 IFAPI_OBJECT *duplicate_key; /**< Will be needed for policy execution */ 1161 IFAPI_OBJECT *current_auth_object; 1162 }; 1163 1164 #define VENDOR_IFX 0x49465800 1165 #define VENDOR_INTC 0x494E5443 1166 #define VEDNOR_IBM 0x49424D20 1167 1168 #endif /* FAPI_INT_H */ 1169