/* SPDX-License-Identifier: BSD-2-Clause */
/*******************************************************************************
 * Copyright 2018-2019, Fraunhofer SIT sponsored by Infineon Technologies AG
 * All rights reserved.
 *******************************************************************************/
#ifndef FAPI_POLICY_EXECUTE_H
#define FAPI_POLICY_EXECUTE_H

/**
 * @file
 * Internal declarations for executing a TPMS_POLICY against a policy session:
 * the callback types the executor hands control back to, the execution
 * context with its state machine, and the prepare/execute entry points.
 *
 * NOTE(review): IFAPI_OBJECT, NODE_OBJECT_T and the IFAPI_POLICY_EXEC_CTX
 * typedef used below are not declared by this header or the headers it
 * includes; presumably an ifapi types header is expected to be included
 * first by every translation unit that uses this one -- confirm before
 * including this header on its own.
 */

#include <stdint.h>
#include <stdarg.h>
#include <stdbool.h>
#include <sys/stat.h>
#include <json-c/json.h>
#include <json-c/json_util.h>

#include "tss2_esys.h"
#include "tss2_fapi.h"

/**
 * Extend a policy with an additional authorization entry.
 *
 * Presumably appends @p authorization to the authorization list held in
 * @p policy -- the implementation is not visible here, confirm against the
 * .c file.
 *
 * @param[in,out] policy        The policy to be extended.
 * @param[in]     authorization The authorization to add.
 * @retval TSS2_RC_SUCCESS on success, a TSS2_RC error code otherwise.
 */
TSS2_RC
ifapi_extend_authorization(
    TPMS_POLICY *policy,
    TPMS_POLICYAUTHORIZATION *authorization);

/**
 * Comparison predicate over two opaque objects in the context of a policy.
 *
 * The callback reports a match through @p found; the meaning of @p object1
 * and @p object2 is defined by the caller that installs the predicate.
 */
typedef TSS2_RC(*Policy_Compare_Object)(
    TPMS_POLICY *policy,
    void *object1,
    void *object2,
    bool *found);

/** List of policies which fulfill a certain predicate.
 *
 * The elements are stored in a singly linked list terminated by a NULL
 * @c next pointer.
 */
struct POLICY_LIST {
    const char *path;               /**< The path of the policy object */
    TPMS_POLICY policy;             /**< The policy object */
    struct POLICY_LIST *next;       /**< Pointer to next element */
};

/** Linked-list node holding a policy object and its keystore path.
 *
 * Same layout as struct POLICY_LIST, but a distinct struct tag; the two are
 * not interchangeable without a cast.
 */
struct policy_object_node {
    const char *path;               /**< The path of the policy object */
    TPMS_POLICY policy;             /**< The policy object */
    struct policy_object_node *next;/**< Pointer to next element */
};

/**
 * Callback to authorize an object that is looked up by @p name in the
 * keystore. The callback returns the ESYS handles of the object, of the
 * entity that authorizes it, and of the session to use for that
 * authorization.
 */
typedef TSS2_RC (*ifapi_policyexec_cbauth) (
    TPM2B_NAME *name,
    ESYS_TR *object_handle,
    ESYS_TR *auth_handle,
    ESYS_TR *authSession,
    void *userdata);

/** Callback used for duplication selection, keyed by the object's @p name. */
typedef TSS2_RC (*ifapi_policyexec_cbdup) (
    TPM2B_NAME *name,
    void *userdata);

/**
 * Callback that selects which branch of a PolicyOR to execute.
 *
 * The callback writes the chosen index into @p branch_idx.
 * NOTE(review): the value comes from application code; the executor must
 * check that it is below the number of branches in @p branches before
 * indexing with it -- confirm this check exists in the .c file.
 */
typedef TSS2_RC (*ifapi_policyexec_cbpolsel) (
    TPML_POLICYBRANCHES *branches,
    size_t *branch_idx,
    void *userdata);

/**
 * Callback that produces a signature over @p buffer (length @p buffer_size).
 *
 * @p key_pem and @p public_key_hint identify the signing key; whether
 * @p key_pem carries a public or a private key is not determined by this
 * header. The signature is returned through @p signature / @p signature_size.
 * NOTE(review): ownership of the returned signature buffer (who frees it,
 * and when) is not stated here -- confirm with the implementation before
 * changing callers.
 */
typedef TSS2_RC (*ifapi_policyexec_cbsign) (
    char *key_pem,
    char *public_key_hint,
    TPMI_ALG_HASH key_pem_hash_alg,
    uint8_t *buffer,
    size_t buffer_size,
    const uint8_t **signature,
    size_t *signature_size,
    void *userdata);

/**
 * Callback for policy authorize: receives the authorizing key, the digest,
 * the policyRef nonce and a signature.
 *
 * NOTE(review): if this callback is what gates PolicyAuthorize, an
 * implementation that returns success without verifying @p signature over
 * @p digest / @p policyRef with @p key_public would bypass the
 * authorization -- confirm how the return code is used in the executor.
 */
typedef TSS2_RC (*ifapi_policyexec_cbauthpol) (
    TPMT_PUBLIC *key_public,
    TPMI_ALG_HASH hash_alg,
    TPM2B_DIGEST *digest,
    TPM2B_NONCE *policyRef,
    TPMT_SIGNATURE *signature,
    void *userdata);

/** Callback for policy authorize NV, given the NV index's public area. */
typedef TSS2_RC (*ifapi_policyexec_cbauthnv) (
    TPM2B_NV_PUBLIC *nv_public,
    TPMI_ALG_HASH hash_alg,
    void *userdata);

/** Callback invoked for a policy action, identified by the @p action string. */
typedef TSS2_RC (*ifapi_policyexec_cbaction) (
    const char *action,
    void *userdata);

/**
 * Set of callbacks (each with its own opaque userdata pointer) through which
 * the policy executor reaches back into the FAPI context.
 *
 * The userdata pointers are passed through untouched to the matching
 * callback.
 */
typedef struct {
    ifapi_policyexec_cbauth cbauth;         /**< Callback to authorize an object
                                                 retrieved by name in keystore */
    void *cbauth_userdata;
    ifapi_policyexec_cbpolsel cbpolsel;     /**< Callback for selection of policy
                                                 branch */
    void *cbpolsel_userdata;
    ifapi_policyexec_cbsign cbsign;         /**< Callback for policy sign */
    void *cbsign_userdata;
    ifapi_policyexec_cbauthpol cbauthpol;   /**< Callback for policy authorize */
    void *cbauthpol_userdata;
    ifapi_policyexec_cbauthnv cbauthnv;     /**< Callback for policy authorize nv */
    void *cbauthnv_userdata;
    ifapi_policyexec_cbdup cbdup;           /**< Callback for policy duplication
                                                 select */
    void *cbdup_userdata;
    ifapi_policyexec_cbaction cbaction;     /**< Callback for policy action */
    void *cbaction_userdata;
} ifapi_policyeval_EXEC_CB;

/** The states for policy execution.
 *
 * The transitions between these states are defined by the executor in the
 * .c file. NOTE(review): the tag spelling "EXCECUTE" is kept as-is because
 * it is part of the API referenced by callers.
 */
enum IFAPI_STATE_POLICY_EXCECUTE {
    POLICY_EXECUTE_INIT = 0,
    POLICY_EXECUTE_FINISH,
    POLICY_EXECUTE_CALLBACK,
    POLICY_LOAD_KEY,
    POLICY_FLUSH_KEY,
    POLICY_VERIFY,
    POLICY_AUTH_CALLBACK,
    POLICY_AUTH_SENT,
    POLICY_EXEC_ESYS
};

/* Forward declaration; not referenced elsewhere in this header. */
typedef struct IFAPI_POLICY_CALLBACK_CTX IFAPI_POLICY_CALLBACK_CTX;

/** The context of the policy execution.
 *
 * Contexts are chained through @c next / @c prev; the executor presumably
 * uses the chain for nested (sub-)policy execution -- confirm in the .c file.
 */
struct IFAPI_POLICY_EXEC_CTX {
    enum IFAPI_STATE_POLICY_EXCECUTE state;
                                    /**< The execution state of the current
                                         policy command */
    TPML_DIGEST digest_list;        /**< Digest list for the policy OR
                                         (original comment was truncated here;
                                         presumably the per-branch digests --
                                         confirm) */
    IFAPI_POLICY_EXEC_CTX *next;    /**< Pointer to next policy */
    IFAPI_POLICY_EXEC_CTX *prev;    /**< Pointer to previous policy */
    ESYS_TR session;                /**< The current policy session */
    TPMS_POLICY *policy;            /**< The policy being executed */
    ESYS_TR policySessionSav;       /**< Backup policy session */
    ESYS_TR object_handle;          /**< Handle of the object under policy */
    ESYS_TR nv_index;               /**< NV index handle, when an NV element
                                         is involved */
    ESYS_TR auth_handle;            /**< Handle of the authorizing entity */
    IFAPI_OBJECT auth_objectNV;     /**< Object used for NV authentication */
    IFAPI_OBJECT *auth_object;      /**< Object to be authorized */
    ESYS_TR auth_session;           /**< Session used for authorization */
    TPMI_ALG_HASH hash_alg;         /**< Hash algorithm of the policy session */
    void *app_data;                 /**< Application data for policy execution callbacks */
    NODE_OBJECT_T *policy_elements; /**< The policy elements to be executed */
    TPM2B_DIGEST *nonceTPM;         /**< TPM nonce of the session, if fetched */
    uint8_t *buffer;                /**< Scratch buffer, presumably the data
                                         handed to the sign callback -- confirm */
    size_t buffer_size;             /**< Length of @c buffer in bytes */
    TPM2B_NAME name;                /**< Name of the object being handled */
    char *pem_key;                  /**< Pem key recreated during policy
                                         execution. NOTE(review): allocation
                                         ownership is not stated here; confirm
                                         it is freed on every exit path of the
                                         executor. */
    struct POLICY_LIST *policy_list;
                                    /**< List of policies for authorization
                                         selection */
    ifapi_policyeval_EXEC_CB callbacks;
                                    /**< callbacks used for execution of sub
                                         policies and actions which require access
                                         to the FAPI context. */
};

/**
 * Prepare a policy execution context for executing @p policy with the
 * session hash algorithm @p hash_alg.
 *
 * @param[in,out] pol_ctx  The execution context to initialize.
 * @param[in]     hash_alg Hash algorithm of the policy session.
 * @param[in]     policy   The policy to execute.
 * @retval TSS2_RC_SUCCESS on success, a TSS2_RC error code otherwise.
 */
TSS2_RC
ifapi_policyeval_execute_prepare(
    IFAPI_POLICY_EXEC_CTX *pol_ctx,
    TPMI_ALG_HASH hash_alg,
    TPMS_POLICY *policy);

/**
 * Execute (or continue executing) the policy held in @p current_policy.
 *
 * The presence of the state enum in the context suggests this is driven
 * repeatedly as a state machine; the exact return codes used to signal
 * "try again" are defined in the .c file.
 *
 * @param[in]     esys_ctx       The ESYS context used to talk to the TPM.
 * @param[in,out] current_policy The execution context prepared by
 *                               ifapi_policyeval_execute_prepare().
 * @retval TSS2_RC_SUCCESS when execution has completed, another TSS2_RC
 *         otherwise.
 */
TSS2_RC
ifapi_policyeval_execute(
    ESYS_CONTEXT *esys_ctx,
    IFAPI_POLICY_EXEC_CTX *current_policy);

#endif /* FAPI_POLICY_EXECUTE_H */