1 
2 /*
3  * Licensed Materials - Property of IBM
4  *
5  * trousers - An open source TCG Software Stack
6  *
7  * (C) Copyright International Business Machines Corp. 2004-2007
8  *
9  */
10 
11 #ifndef _OBJ_POLICY_H_
12 #define _OBJ_POLICY_H_
13 
14 /* structures */
15 struct tr_policy_obj {
16 	BYTE SecretLifetime;
17 	TSS_BOOL SecretSet;
18 	UINT32 SecretMode;
19 	UINT32 SecretCounter;
20 	UINT32 SecretTimeStamp;
21 	UINT32 SecretSize;
22 	BYTE Secret[20];
23 	UINT32 type;
24 	BYTE *popupString;
25 	UINT32 popupStringLength;
26 	UINT32 hashMode;
27 	TSS_ALGORITHM_ID hmacAlg;
28 	TSS_ALGORITHM_ID xorAlg;
29 	TSS_ALGORITHM_ID takeownerAlg;
30 	TSS_ALGORITHM_ID changeauthAlg;
31 #ifdef TSS_BUILD_SEALX
32 	TSS_ALGORITHM_ID sealxAlg;
33 #endif
34 	PVOID hmacAppData;
35 	PVOID xorAppData;
36 	PVOID takeownerAppData;
37 	PVOID changeauthAppData;
38 #ifdef TSS_BUILD_SEALX
39 	PVOID sealxAppData;
40 #endif
41 #ifdef TSS_BUILD_DELEGATION
42 	/* The per1 and per2 are only used when creating a delegation.
43 	   After that, the blob or index is used to retrieve the information */
44 	UINT32 delegationPer1;
45 	UINT32 delegationPer2;
46 
47 	UINT32 delegationType;
48 	TSS_BOOL delegationIndexSet;	/* Since 0 is a valid index value */
49 	UINT32 delegationIndex;
50 	UINT32 delegationBlobLength;
51 	BYTE *delegationBlob;
52 #endif
53 	TSS_RESULT (*Tspicb_CallbackHMACAuth)(
54 			PVOID lpAppData,
55 			TSS_HOBJECT hAuthorizedObject,
56 			TSS_BOOL ReturnOrVerify,
57 			UINT32 ulPendingFunction,
58 			TSS_BOOL ContinueUse,
59 			UINT32 ulSizeNonces,
60 			BYTE *rgbNonceEven,
61 			BYTE *rgbNonceOdd,
62 			BYTE *rgbNonceEvenOSAP,
63 			BYTE *rgbNonceOddOSAP,
64 			UINT32 ulSizeDigestHmac,
65 			BYTE *rgbParamDigest,
66 			BYTE *rgbHmacData);
67 	TSS_RESULT (*Tspicb_CallbackXorEnc)(
68 			PVOID lpAppData,
69 			TSS_HOBJECT hOSAPObject,
70 			TSS_HOBJECT hObject,
71 			TSS_FLAG PurposeSecret,
72 			UINT32 ulSizeNonces,
73 			BYTE *rgbNonceEven,
74 			BYTE *rgbNonceOdd,
75 			BYTE *rgbNonceEvenOSAP,
76 			BYTE *rgbNonceOddOSAP,
77 			UINT32 ulSizeEncAuth,
78 			BYTE *rgbEncAuthUsage,
79 			BYTE *rgbEncAuthMigration);
80 	TSS_RESULT (*Tspicb_CallbackTakeOwnership)(
81 			PVOID lpAppData,
82 			TSS_HOBJECT hObject,
83 			TSS_HKEY hObjectPubKey,
84 			UINT32 ulSizeEncAuth,
85 			BYTE *rgbEncAuth);
86 	TSS_RESULT (*Tspicb_CallbackChangeAuthAsym)(
87 			PVOID lpAppData,
88 			TSS_HOBJECT hObject,
89 			TSS_HKEY hObjectPubKey,
90 			UINT32 ulSizeEncAuth,
91 			UINT32 ulSizeAithLink,
92 			BYTE *rgbEncAuth,
93 			BYTE *rgbAuthLink);
94 #ifdef TSS_BUILD_SEALX
95 	TSS_RESULT (*Tspicb_CallbackSealxMask)(
96 			PVOID lpAppData,
97 			TSS_HKEY hKey,
98 			TSS_HENCDATA hEncData,
99 			TSS_ALGORITHM_ID algID,
100 			UINT32 ulSizeNonces,
101 			BYTE *rgbNonceEven,
102 			BYTE *rgbNonceOdd,
103 			BYTE *rgbNonceEvenOSAP,
104 			BYTE *rgbNonceOddOSAP,
105 			UINT32 ulDataLength,
106 			BYTE *rgbDataToMask,
107 			BYTE *rgbMaskedData);
108 #endif
109 };
110 
111 /* obj_policy.c */
112 void       __tspi_policy_free(void *data);
113 TSS_BOOL   anyPopupPolicies(TSS_HCONTEXT);
114 TSS_BOOL   obj_is_policy(TSS_HOBJECT);
115 TSS_RESULT obj_policy_get_tsp_context(TSS_HPOLICY, TSS_HCONTEXT *);
116 /* One of these 2 flags should be passed to obj_policy_get_secret so that if a popup must
117  * be executed to get the secret, we know whether or not the new dialog should be displayed,
118  * which will ask for confirmation */
119 #define TR_SECRET_CTX_NEW	TRUE
120 #define TR_SECRET_CTX_NOT_NEW	FALSE
121 TSS_RESULT obj_policy_get_secret(TSS_HPOLICY, TSS_BOOL, TCPA_SECRET *);
122 TSS_RESULT obj_policy_flush_secret(TSS_HPOLICY);
123 TSS_RESULT obj_policy_set_secret_object(TSS_HPOLICY, TSS_FLAG, UINT32,
124 					TCPA_DIGEST *, TSS_BOOL);
125 TSS_RESULT obj_policy_set_secret(TSS_HPOLICY, TSS_FLAG, UINT32, BYTE *);
126 TSS_RESULT obj_policy_get_type(TSS_HPOLICY, UINT32 *);
127 TSS_RESULT obj_policy_remove(TSS_HOBJECT, TSS_HCONTEXT);
128 TSS_RESULT obj_policy_add(TSS_HCONTEXT, UINT32, TSS_HOBJECT *);
129 TSS_RESULT obj_policy_set_type(TSS_HPOLICY, UINT32);
130 TSS_RESULT obj_policy_set_cb12(TSS_HPOLICY, TSS_FLAG, BYTE *);
131 TSS_RESULT obj_policy_get_cb12(TSS_HPOLICY, TSS_FLAG, UINT32 *, BYTE **);
132 TSS_RESULT obj_policy_set_cb11(TSS_HPOLICY, TSS_FLAG, TSS_FLAG, UINT32);
133 TSS_RESULT obj_policy_get_cb11(TSS_HPOLICY, TSS_FLAG, UINT32 *);
134 TSS_RESULT obj_policy_get_lifetime(TSS_HPOLICY, UINT32 *);
135 TSS_RESULT obj_policy_set_lifetime(TSS_HPOLICY, UINT32, UINT32);
136 TSS_RESULT obj_policy_get_counter(TSS_HPOLICY, UINT32 *);
137 TSS_RESULT obj_policy_get_string(TSS_HPOLICY, UINT32 *size, BYTE **);
138 TSS_RESULT obj_policy_set_string(TSS_HPOLICY, UINT32 size, BYTE *);
139 TSS_RESULT obj_policy_get_secs_until_expired(TSS_HPOLICY, UINT32 *);
140 TSS_RESULT obj_policy_has_expired(TSS_HPOLICY, TSS_BOOL *);
141 TSS_RESULT obj_policy_get_mode(TSS_HPOLICY, UINT32 *);
142 TSS_RESULT obj_policy_dec_counter(TSS_HPOLICY);
143 TSS_RESULT obj_policy_do_hmac(TSS_HPOLICY, TSS_HOBJECT, TSS_BOOL, UINT32,
144 			      TSS_BOOL, UINT32, BYTE *, BYTE *, BYTE *, BYTE *,
145 			      UINT32, BYTE *, BYTE *);
146 TSS_RESULT obj_policy_do_xor(TSS_HPOLICY, TSS_HOBJECT, TSS_HOBJECT, TSS_FLAG,
147 		UINT32, BYTE *, BYTE *, BYTE *, BYTE *, UINT32, BYTE *, BYTE *);
148 TSS_RESULT obj_policy_do_takeowner(TSS_HPOLICY, TSS_HOBJECT, TSS_HKEY, UINT32, BYTE *);
149 TSS_RESULT obj_policy_validate_auth_oiap(TSS_HPOLICY, TCPA_DIGEST *, TPM_AUTH *);
150 TSS_RESULT obj_policy_get_hash_mode(TSS_HPOLICY, UINT32 *);
151 TSS_RESULT obj_policy_set_hash_mode(TSS_HPOLICY, UINT32);
152 TSS_RESULT obj_policy_get_xsap_params(TSS_HPOLICY, TPM_COMMAND_CODE, TPM_ENTITY_TYPE *, UINT32 *,
153 				      BYTE **, BYTE *, TSS_CALLBACK *, TSS_CALLBACK *,
154 				      TSS_CALLBACK *, UINT32 *, TSS_BOOL);
155 TSS_RESULT obj_policy_is_secret_set(TSS_HPOLICY, TSS_BOOL *);
156 #ifdef TSS_BUILD_DELEGATION
157 TSS_RESULT obj_policy_set_delegation_type(TSS_HPOLICY, UINT32);
158 TSS_RESULT obj_policy_get_delegation_type(TSS_HPOLICY, UINT32 *);
159 TSS_RESULT obj_policy_set_delegation_index(TSS_HPOLICY, UINT32);
160 TSS_RESULT obj_policy_get_delegation_index(TSS_HPOLICY, UINT32 *);
161 TSS_RESULT obj_policy_set_delegation_per1(TSS_HPOLICY, UINT32);
162 TSS_RESULT obj_policy_get_delegation_per1(TSS_HPOLICY, UINT32 *);
163 TSS_RESULT obj_policy_set_delegation_per2(TSS_HPOLICY, UINT32);
164 TSS_RESULT obj_policy_get_delegation_per2(TSS_HPOLICY, UINT32 *);
165 TSS_RESULT obj_policy_set_delegation_blob(TSS_HPOLICY, UINT32, UINT32, BYTE *);
166 TSS_RESULT obj_policy_get_delegation_blob(TSS_HPOLICY, UINT32, UINT32 *, BYTE **);
167 TSS_RESULT obj_policy_get_delegation_label(TSS_HPOLICY, BYTE *);
168 TSS_RESULT obj_policy_get_delegation_familyid(TSS_HPOLICY, UINT32 *);
169 TSS_RESULT obj_policy_get_delegation_vercount(TSS_HPOLICY, UINT32 *);
170 TSS_RESULT obj_policy_get_delegation_pcr_locality(TSS_HPOLICY, UINT32 *);
171 TSS_RESULT obj_policy_get_delegation_pcr_digest(TSS_HPOLICY, UINT32 *, BYTE **);
172 TSS_RESULT obj_policy_get_delegation_pcr_selection(TSS_HPOLICY, UINT32 *, BYTE **);
173 TSS_RESULT obj_policy_is_delegation_index_set(TSS_HPOLICY, TSS_BOOL *);
174 
175 void obj_policy_clear_delegation(struct tr_policy_obj *);
176 TSS_RESULT obj_policy_get_delegate_public(struct tsp_object *, TPM_DELEGATE_PUBLIC *);
177 #endif
178 
179 #define POLICY_LIST_DECLARE		struct obj_list policy_list
180 #define POLICY_LIST_DECLARE_EXTERN	extern struct obj_list policy_list
181 #define POLICY_LIST_INIT()		tspi_list_init(&policy_list)
182 #define POLICY_LIST_CONNECT(a,b)	obj_connectContext_list(&policy_list, a, b)
183 #define POLICY_LIST_CLOSE(a)		obj_list_close(&policy_list, &__tspi_policy_free, a)
184 
185 #endif
186