/*
 * Licensed Materials - Property of IBM
 *
 * trousers - An open source TCG Software Stack
 *
 * (C) Copyright International Business Machines Corp. 2004-2007
 *
 */

#ifndef _OBJ_POLICY_H_
#define _OBJ_POLICY_H_

/* structures */

/*
 * Per-object state of a TSP policy object: the authorization secret (or the
 * mode by which it is obtained), its lifetime bookkeeping, the optional popup
 * prompt, the per-purpose callbacks an application may install, and, when
 * delegation support is built in, the delegation parameters.  Objects of this
 * type are released through __tspi_policy_free() (see POLICY_LIST_CLOSE below).
 */
struct tr_policy_obj {
	/* Lifetime policy selected for the secret; set/read through
	 * obj_policy_set_lifetime()/obj_policy_get_lifetime().  SecretCounter and
	 * SecretTimeStamp presumably carry the state the counter- and time-based
	 * lifetimes are accounted against (see obj_policy_dec_counter(),
	 * obj_policy_get_secs_until_expired(), obj_policy_has_expired()). */
	BYTE SecretLifetime;
	/* TRUE once a secret has been stored; queried via obj_policy_is_secret_set(). */
	TSS_BOOL SecretSet;
	/* How the secret is obtained/represented; see obj_policy_get_mode(). */
	UINT32 SecretMode;
	UINT32 SecretCounter;
	UINT32 SecretTimeStamp;
	/* Number of valid bytes in Secret[].  NOTE(review): every writer must
	 * bound this by sizeof(Secret) (20 bytes) before copying — confirm in
	 * obj_policy.c (obj_policy_set_secret(), obj_policy_set_secret_object()). */
	UINT32 SecretSize;
	/* Fixed 20-byte buffer holding the authorization secret.  This is keying
	 * material: NOTE(review): confirm obj_policy_flush_secret() and
	 * __tspi_policy_free() overwrite it rather than merely releasing the object. */
	BYTE Secret[20];
	/* Policy type; see obj_policy_set_type()/obj_policy_get_type(). */
	UINT32 type;
	/* Prompt shown by the secret popup and its length in bytes; managed by
	 * obj_policy_set_string()/obj_policy_get_string().  Presumably owned by
	 * this object and freed in __tspi_policy_free() — verify. */
	BYTE *popupString;
	UINT32 popupStringLength;
	/* See obj_policy_set_hash_mode()/obj_policy_get_hash_mode(). */
	UINT32 hashMode;
	/* Algorithm identifiers, one per callback purpose below (HMAC auth, XOR
	 * encryption, take-ownership, change-auth, and SEALX masking when built). */
	TSS_ALGORITHM_ID hmacAlg;
	TSS_ALGORITHM_ID xorAlg;
	TSS_ALGORITHM_ID takeownerAlg;
	TSS_ALGORITHM_ID changeauthAlg;
#ifdef TSS_BUILD_SEALX
	TSS_ALGORITHM_ID sealxAlg;
#endif
	/* Opaque application data, one per callback purpose; presumably handed
	 * back as the lpAppData argument of the matching callback — verify in
	 * the obj_policy_do_*() implementations. */
	PVOID hmacAppData;
	PVOID xorAppData;
	PVOID takeownerAppData;
	PVOID changeauthAppData;
#ifdef TSS_BUILD_SEALX
	PVOID sealxAppData;
#endif
#ifdef TSS_BUILD_DELEGATION
	/* The per1 and per2 are only used when creating a delegation.
	   After that, the blob or index is used to retrieve the information */
	UINT32 delegationPer1;
	UINT32 delegationPer2;

	UINT32 delegationType;
	TSS_BOOL delegationIndexSet; /* Since 0 is a valid index value */
	UINT32 delegationIndex;
	/* Delegation blob and its length; see obj_policy_set_delegation_blob()/
	 * obj_policy_get_delegation_blob().  Presumably owned by this object and
	 * released in obj_policy_clear_delegation() — verify. */
	UINT32 delegationBlobLength;
	BYTE *delegationBlob;
#endif
	/* Optional application-supplied callbacks.  They are plain function
	 * pointers, so they run in-process with the TSP's privileges and receive
	 * nonces and (encrypted) authorization data directly; the TSP cannot
	 * check what a callback does with that material.  A NULL entry
	 * presumably means "use the built-in implementation" — verify. */
	TSS_RESULT (*Tspicb_CallbackHMACAuth)(
			PVOID lpAppData,
			TSS_HOBJECT hAuthorizedObject,
			TSS_BOOL ReturnOrVerify,
			UINT32 ulPendingFunction,
			TSS_BOOL ContinueUse,
			UINT32 ulSizeNonces,
			BYTE *rgbNonceEven,
			BYTE *rgbNonceOdd,
			BYTE *rgbNonceEvenOSAP,
			BYTE *rgbNonceOddOSAP,
			UINT32 ulSizeDigestHmac,
			BYTE *rgbParamDigest,
			BYTE *rgbHmacData);
	TSS_RESULT (*Tspicb_CallbackXorEnc)(
			PVOID lpAppData,
			TSS_HOBJECT hOSAPObject,
			TSS_HOBJECT hObject,
			TSS_FLAG PurposeSecret,
			UINT32 ulSizeNonces,
			BYTE *rgbNonceEven,
			BYTE *rgbNonceOdd,
			BYTE *rgbNonceEvenOSAP,
			BYTE *rgbNonceOddOSAP,
			UINT32 ulSizeEncAuth,
			BYTE *rgbEncAuthUsage,
			BYTE *rgbEncAuthMigration);
	TSS_RESULT (*Tspicb_CallbackTakeOwnership)(
			PVOID lpAppData,
			TSS_HOBJECT hObject,
			TSS_HKEY hObjectPubKey,
			UINT32 ulSizeEncAuth,
			BYTE *rgbEncAuth);
	TSS_RESULT (*Tspicb_CallbackChangeAuthAsym)(
			PVOID lpAppData,
			TSS_HOBJECT hObject,
			TSS_HKEY hObjectPubKey,
			UINT32 ulSizeEncAuth,
			UINT32 ulSizeAithLink, /* sic: presumably the size of rgbAuthLink */
			BYTE *rgbEncAuth,
			BYTE *rgbAuthLink);
#ifdef TSS_BUILD_SEALX
	TSS_RESULT (*Tspicb_CallbackSealxMask)(
			PVOID lpAppData,
			TSS_HKEY hKey,
			TSS_HENCDATA hEncData,
			TSS_ALGORITHM_ID algID,
			UINT32 ulSizeNonces,
			BYTE *rgbNonceEven,
			BYTE *rgbNonceOdd,
			BYTE *rgbNonceEvenOSAP,
			BYTE *rgbNonceOddOSAP,
			UINT32 ulDataLength,
			BYTE *rgbDataToMask,
			BYTE *rgbMaskedData);
#endif
};

/* obj_policy.c */

/* Destructor for a policy object.  Takes void * because it is installed as the
 * element destructor of the policy list (see POLICY_LIST_CLOSE). */
void __tspi_policy_free(void *data);
TSS_BOOL anyPopupPolicies(TSS_HCONTEXT);
TSS_BOOL obj_is_policy(TSS_HOBJECT);
TSS_RESULT obj_policy_get_tsp_context(TSS_HPOLICY, TSS_HCONTEXT *);
/* One of these 2 flags should be passed as the TSS_BOOL argument of
 * obj_policy_get_secret() so that, if a popup must be executed to get the
 * secret, we know whether or not the new dialog should be displayed, which
 * will ask for confirmation. */
#define TR_SECRET_CTX_NEW TRUE
#define TR_SECRET_CTX_NOT_NEW FALSE
TSS_RESULT obj_policy_get_secret(TSS_HPOLICY, TSS_BOOL, TCPA_SECRET *);
TSS_RESULT obj_policy_flush_secret(TSS_HPOLICY);
TSS_RESULT obj_policy_set_secret_object(TSS_HPOLICY, TSS_FLAG, UINT32,
					TCPA_DIGEST *, TSS_BOOL);
/* Mode flag, length and bytes of the secret.  NOTE(review): the UINT32 length
 * comes from the application; the implementation must validate it against the
 * 20-byte Secret[] in struct tr_policy_obj before copying — confirm. */
TSS_RESULT obj_policy_set_secret(TSS_HPOLICY, TSS_FLAG, UINT32, BYTE *);
TSS_RESULT obj_policy_get_type(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_remove(TSS_HOBJECT, TSS_HCONTEXT);
TSS_RESULT obj_policy_add(TSS_HCONTEXT, UINT32, TSS_HOBJECT *);
TSS_RESULT obj_policy_set_type(TSS_HPOLICY, UINT32);
/* Callback accessors: cb12 carries a serialized callback (length/bytes), cb11
 * carries two flags and a UINT32 — presumably the TSS 1.1 vs 1.2 callback
 * attribute encodings, verify against the Tspi_SetAttrib* callers. */
TSS_RESULT obj_policy_set_cb12(TSS_HPOLICY, TSS_FLAG, BYTE *);
TSS_RESULT obj_policy_get_cb12(TSS_HPOLICY, TSS_FLAG, UINT32 *, BYTE **);
TSS_RESULT obj_policy_set_cb11(TSS_HPOLICY, TSS_FLAG, TSS_FLAG, UINT32);
TSS_RESULT obj_policy_get_cb11(TSS_HPOLICY, TSS_FLAG, UINT32 *);
TSS_RESULT obj_policy_get_lifetime(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_set_lifetime(TSS_HPOLICY, UINT32, UINT32);
TSS_RESULT obj_policy_get_counter(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_get_string(TSS_HPOLICY, UINT32 *size, BYTE **);
TSS_RESULT obj_policy_set_string(TSS_HPOLICY, UINT32 size, BYTE *);
TSS_RESULT obj_policy_get_secs_until_expired(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_has_expired(TSS_HPOLICY, TSS_BOOL *);
TSS_RESULT obj_policy_get_mode(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_dec_counter(TSS_HPOLICY);
/* The do_* entry points take the same argument lists as the corresponding
 * Tspicb_Callback* members of struct tr_policy_obj (minus lpAppData), with the
 * policy handle in front; they presumably dispatch to the installed callback
 * or to the built-in implementation. */
TSS_RESULT obj_policy_do_hmac(TSS_HPOLICY, TSS_HOBJECT, TSS_BOOL, UINT32,
			      TSS_BOOL, UINT32, BYTE *, BYTE *, BYTE *, BYTE *,
			      UINT32, BYTE *, BYTE *);
TSS_RESULT obj_policy_do_xor(TSS_HPOLICY, TSS_HOBJECT, TSS_HOBJECT, TSS_FLAG,
			     UINT32, BYTE *, BYTE *, BYTE *, BYTE *, UINT32, BYTE *, BYTE *);
TSS_RESULT obj_policy_do_takeowner(TSS_HPOLICY, TSS_HOBJECT, TSS_HKEY, UINT32, BYTE *);
TSS_RESULT obj_policy_validate_auth_oiap(TSS_HPOLICY, TCPA_DIGEST *, TPM_AUTH *);
TSS_RESULT obj_policy_get_hash_mode(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_set_hash_mode(TSS_HPOLICY, UINT32);
TSS_RESULT obj_policy_get_xsap_params(TSS_HPOLICY, TPM_COMMAND_CODE, TPM_ENTITY_TYPE *, UINT32 *,
				      BYTE **, BYTE *, TSS_CALLBACK *, TSS_CALLBACK *,
				      TSS_CALLBACK *, UINT32 *, TSS_BOOL);
TSS_RESULT obj_policy_is_secret_set(TSS_HPOLICY, TSS_BOOL *);
#ifdef TSS_BUILD_DELEGATION
TSS_RESULT obj_policy_set_delegation_type(TSS_HPOLICY, UINT32);
TSS_RESULT obj_policy_get_delegation_type(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_set_delegation_index(TSS_HPOLICY, UINT32);
TSS_RESULT obj_policy_get_delegation_index(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_set_delegation_per1(TSS_HPOLICY, UINT32);
TSS_RESULT obj_policy_get_delegation_per1(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_set_delegation_per2(TSS_HPOLICY, UINT32);
TSS_RESULT obj_policy_get_delegation_per2(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_set_delegation_blob(TSS_HPOLICY, UINT32, UINT32, BYTE *);
TSS_RESULT obj_policy_get_delegation_blob(TSS_HPOLICY, UINT32, UINT32 *, BYTE **);
/* Accessors that read fields out of the stored delegation blob/index.
 * obj_policy_get_delegation_label() writes into a caller-provided buffer with
 * no length argument; NOTE(review): the expected buffer size is not visible
 * here — document it at the definition. */
TSS_RESULT obj_policy_get_delegation_label(TSS_HPOLICY, BYTE *);
TSS_RESULT obj_policy_get_delegation_familyid(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_get_delegation_vercount(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_get_delegation_pcr_locality(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_get_delegation_pcr_digest(TSS_HPOLICY, UINT32 *, BYTE **);
TSS_RESULT obj_policy_get_delegation_pcr_selection(TSS_HPOLICY, UINT32 *, BYTE **);
TSS_RESULT obj_policy_is_delegation_index_set(TSS_HPOLICY, TSS_BOOL *);

/* Internal helpers operating on the object itself rather than on a handle. */
void obj_policy_clear_delegation(struct tr_policy_obj *);
TSS_RESULT obj_policy_get_delegate_public(struct tsp_object *, TPM_DELEGATE_PUBLIC *);
#endif

/* Hooks for the per-type object list kept by the object layer.  policy_list is
 * the struct obj_list holding every policy object; POLICY_LIST_CLOSE releases
 * the objects belonging to context (a) through __tspi_policy_free(). */
#define POLICY_LIST_DECLARE		struct obj_list policy_list
#define POLICY_LIST_DECLARE_EXTERN	extern struct obj_list policy_list
#define POLICY_LIST_INIT()		tspi_list_init(&policy_list)
#define POLICY_LIST_CONNECT(a,b)	obj_connectContext_list(&policy_list, a, b)
#define POLICY_LIST_CLOSE(a)		obj_list_close(&policy_list, &__tspi_policy_free, a)

#endif