1 /* SPDX-License-Identifier: BSD-2-Clause */ 2 /******************************************************************************* 3 * Copyright 2018-2019, Fraunhofer SIT sponsored by Infineon Technologies AG 4 * All rights reserved. 5 ******************************************************************************/ 6 7 #ifndef IFAPI_KEYSTORE_H 8 #define IFAPI_KEYSTORE_H 9 10 #include <stdlib.h> 11 12 #include "tss2_common.h" 13 #include "tss2_tpm2_types.h" 14 #include "fapi_types.h" 15 #include "ifapi_policy_types.h" 16 #include "tss2_esys.h" 17 18 typedef UINT32 IFAPI_OBJECT_TYPE_CONSTANT; 19 #define IFAPI_OBJ_NONE 0 /**< Tag for key resource */ 20 #define IFAPI_KEY_OBJ 1 /**< Tag for key resource */ 21 #define IFAPI_NV_OBJ 2 /**< Tag for NV Ram resource */ 22 #define IFAPI_EXT_PUB_KEY_OBJ 3 /**< Tag for key resource */ 23 #define IFAPI_HIERARCHY_OBJ 4 /**< Tag for other resources, e.g. PCR register, hierarchies */ 24 #define IFAPI_DUPLICATE_OBJ 5 /**< Tag for key duplication object */ 25 26 /** Type for representing a FAPI key 27 */ 28 typedef struct { 29 UINT32 persistent_handle; /**< Persistent TPM Handle */ 30 TPM2B_PUBLIC public; /**< The wrapped public portion of the object */ 31 UINT8_ARY serialization; /**< None */ 32 UINT8_ARY private; /**< None */ 33 char *policyInstance; /**< Keys policy */ 34 TPM2B_CREATION_DATA creationData; /**< None */ 35 TPMT_TK_CREATION creationTicket; /**< None */ 36 char *description; /**< Human readable description of key */ 37 UINT8_ARY appData; /**< Application data */ 38 char *certificate; /**< Keys certificate (if any) */ 39 TPMT_SIG_SCHEME signing_scheme; /**< Signing scheme for the key */ 40 TPM2B_NAME name; /**< Name of the key */ 41 TPMI_YES_NO with_auth; /**< Authorization provided during creation */ 42 UINT32 reset_count; /**< The TPM reset count during key creation */ 43 } IFAPI_KEY; 44 45 /** Type for representing a external public key 46 */ 47 typedef struct { 48 char *pem_ext_public; /**< Public key in PEM format */ 49 char *certificate; /**< Keys certificate (if any) */ 50 TPM2B_PUBLIC public; /**< The pulic information in TPM format */ 51 } IFAPI_EXT_PUB_KEY; 52 53 /** Type for representing hierarchy 54 */ 55 typedef struct { 56 TPMI_YES_NO with_auth; /**< Authorization provided */ 57 char *description; /**< Human readable description of hierarchy */ 58 TPM2B_DIGEST authPolicy; 59 ESYS_TR esysHandle; 60 bool authorized; /**< Switch whether hiearchy is authorized. */ 61 } IFAPI_HIERARCHY; 62 63 /** Type for representing a FAPI NV object 64 */ 65 typedef struct { 66 TPM2B_NV_PUBLIC public; /**< The wrapped public portion of the object */ 67 UINT8_ARY serialization; /**< None */ 68 UINT32 hierarchy; /**< The hierarchy used for NV object creation */ 69 char *policyInstance; /**< Keys policy */ 70 char *description; /**< Human readable description of key */ 71 UINT8_ARY appData; /**< Application data */ 72 TPMI_YES_NO with_auth; /**< Authorization provided during creation */ 73 char* event_log; /**< The event log if NV type is pcr */ 74 } IFAPI_NV; 75 76 /** Type for representing a FAPI object for key duplication. 77 */ 78 typedef struct { 79 80 TPM2B_PRIVATE duplicate; /**< The duplicate of the key to export*/ 81 TPM2B_ENCRYPTED_SECRET encrypted_seed; /**< Encrypted seed needed for key import */ 82 TPM2B_PUBLIC public; /**< The public information of the key to be duplicated */ 83 TPM2B_PUBLIC public_parent; /**< The public information of the new parent key */ 84 char *certificate; /**< The certificate of the key to be duplicated */ 85 TPMS_POLICY *policy; /**< The policy of the key to be duplicated */ 86 } IFAPI_DUPLICATE; 87 88 /** type for representing public info of a TPM-Resource 89 */ 90 typedef union { 91 IFAPI_EXT_PUB_KEY ext_pub_key; /**< Public info for external key. */ 92 IFAPI_KEY key; /**< Public info for key objects */ 93 IFAPI_NV nv; /**< Public info for NV ram objects */ 94 IFAPI_DUPLICATE key_tree; /**< Information for key duplication */ 95 IFAPI_HIERARCHY hierarchy; /**< Information related to hierarchies */ 96 } IFAPI_OBJECT_UNION; 97 98 /** The states for key searching */ 99 enum FAPI_SEARCH_STATE { 100 KSEARCH_INIT = 0, 101 KSEARCH_SEARCH_OBJECT, 102 KSEARCH_READ 103 }; 104 105 /** The data structure holding internal state for key searching. 106 */ 107 typedef struct { 108 size_t path_idx; /**< Index of array of objects to be searched */ 109 size_t numPaths; /**< Number of all objects in data store */ 110 char **pathlist; /**< The array of all objects in the search path */ 111 enum FAPI_SEARCH_STATE state; 112 } IFAPI_KEY_SEARCH; 113 114 typedef struct IFAPI_KEYSTORE { 115 char *systemdir; 116 char *userdir; 117 char *defaultprofile; 118 IFAPI_KEY_SEARCH key_search; 119 const char* rel_path; 120 } IFAPI_KEYSTORE; 121 122 123 /** The states for the FAPI's object authorization state*/ 124 enum IFAPI_AUTHORIZATION_STATE { 125 AUTH_INIT = 0, 126 AUTH_CHECK_POLICY, 127 AUTH_CREATE_SESSION, 128 AUTH_EXEC_POLICY, 129 AUTH_FLUSH_OLD_POLICY, 130 AUTH_DONE 131 }; 132 133 /** The states for the FAPI's object write/read state*/ 134 enum IFAPI_IO_STATE { 135 IO_INIT = 0, 136 IO_ACTIVE, 137 }; 138 139 /** Type for representing TPM-Resource 140 */ 141 typedef struct _IFAPI_OBJECT { 142 TPMS_POLICY *policy; 143 IFAPI_OBJECT_TYPE_CONSTANT objectType; /**< Selector for object type */ 144 IFAPI_OBJECT_UNION misc; /**< Resource specific information */ 145 TPMI_YES_NO system; /**< Store the object in the system wide 146 directory */ 147 ESYS_TR handle; /**< Handle used by ESAPI */ 148 enum IFAPI_AUTHORIZATION_STATE authorization_state; /**< State of object authorization state machine */ 149 enum IFAPI_IO_STATE state; 150 const char *rel_path; /**< The relative path in keystore. */ 151 152 } IFAPI_OBJECT; 153 154 TSS2_RC 155 ifapi_check_valid_path(const char *path); 156 157 TSS2_RC 158 ifapi_keystore_initialize( 159 IFAPI_KEYSTORE *keystore, 160 const char *config_systemdir, 161 const char *config_userdir, 162 const char *config_defaultprofile); 163 164 TSS2_RC 165 ifapi_keystore_load_async( 166 IFAPI_KEYSTORE *keystore, 167 IFAPI_IO *io, 168 const char *path); 169 170 TSS2_RC 171 ifapi_keystore_load_finish( 172 IFAPI_KEYSTORE *keystore, 173 IFAPI_IO *io, 174 IFAPI_OBJECT *object); 175 176 TSS2_RC 177 ifapi_keystore_object_does_not_exist( 178 IFAPI_KEYSTORE *keystore, 179 const char *path, 180 const IFAPI_OBJECT *object); 181 182 TSS2_RC 183 ifapi_keystore_store_async( 184 IFAPI_KEYSTORE *keystore, 185 IFAPI_IO *io, 186 const char *path, 187 const IFAPI_OBJECT *object); 188 189 TSS2_RC 190 ifapi_keystore_store_finish( 191 IFAPI_IO *io); 192 193 TSS2_RC 194 ifapi_keystore_list_all( 195 IFAPI_KEYSTORE *keystore, 196 const char *searchpath, 197 char ***results, 198 size_t *numresults); 199 200 TSS2_RC 201 ifapi_keystore_delete( 202 IFAPI_KEYSTORE *keystore, 203 char *path); 204 205 TSS2_RC 206 ifapi_keystore_remove_directories( 207 IFAPI_KEYSTORE *keystore, 208 const char *dir_name); 209 210 TSS2_RC 211 ifapi_keystore_search_obj( 212 IFAPI_KEYSTORE *keystore, 213 IFAPI_IO *io, 214 TPM2B_NAME *name, 215 char **found_path); 216 217 TSS2_RC 218 ifapi_keystore_search_nv_obj( 219 IFAPI_KEYSTORE *keystore, 220 IFAPI_IO *io, 221 TPM2B_NV_PUBLIC *nv_public, 222 char **found_path); 223 224 TSS2_RC 225 ifapi_keystore_check_overwrite( 226 IFAPI_KEYSTORE *keystore, 227 const char *path); 228 229 TSS2_RC 230 ifapi_keystore_check_writeable( 231 IFAPI_KEYSTORE *keystore, 232 const char *path); 233 234 TSS2_RC 235 ifapi_copy_ifapi_key( 236 IFAPI_KEY * dest, 237 const IFAPI_KEY * src); 238 239 TSS2_RC 240 ifapi_copy_ifapi_hierarchy( 241 IFAPI_HIERARCHY * dest, 242 const IFAPI_HIERARCHY * src); 243 244 TSS2_RC 245 ifapi_copy_ifapi_key_object( 246 IFAPI_OBJECT * dest, 247 const IFAPI_OBJECT * src); 248 249 TSS2_RC 250 ifapi_copy_ifapi_hierarchy_object( 251 IFAPI_OBJECT * dest, 252 const IFAPI_OBJECT * src); 253 254 255 void ifapi_cleanup_ifapi_key( 256 IFAPI_KEY * key); 257 258 void ifapi_cleanup_ifapi_ext_pub_key( 259 IFAPI_EXT_PUB_KEY * key); 260 261 void ifapi_cleanup_ifapi_hierarchy( 262 IFAPI_HIERARCHY * hierarchy); 263 264 void ifapi_cleanup_ifapi_nv( 265 IFAPI_NV * nv); 266 267 void ifapi_cleanup_ifapi_duplicate( 268 IFAPI_DUPLICATE * duplicate); 269 270 void ifapi_cleanup_ifapi_key_search( 271 IFAPI_KEY_SEARCH * key_search); 272 273 void ifapi_cleanup_ifapi_keystore( 274 IFAPI_KEYSTORE * keystore); 275 276 void 277 ifapi_cleanup_ifapi_object( 278 IFAPI_OBJECT *object); 279 280 TSS2_RC 281 ifapi_check_provisioned( 282 IFAPI_KEYSTORE *keystore, 283 const char *rel_path, 284 bool *ok); 285 286 #endif /* IFAPI_KEYSTORE_H */ 287