/* SPDX-License-Identifier: BSD-2-Clause */ /******************************************************************************* * Copyright 2018-2019, Fraunhofer SIT sponsored by Infineon Technologies AG * All rights reserved. ******************************************************************************/ #ifndef FAPI_INT_H #define FAPI_INT_H #include "fapi_types.h" #include "ifapi_policy_types.h" #include "ifapi_policy_instantiate.h" #include "ifapi_eventlog.h" #include "ifapi_io.h" #include "ifapi_profiles.h" #include "ifapi_macros.h" #include "ifapi_keystore.h" #include "ifapi_policy_store.h" #include "ifapi_config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include "tss2_esys.h" #include "tss2_fapi.h" #define DEFAULT_LOG_DIR "/run/tpm2_tss" #define IFAPI_PCR_LOG_FILE "pcr.log" #define IFAPI_OBJECT_TYPE ".json" #define IFAPI_OBJECT_FILE "object.json" #define IFAPI_SRK_KEY_PATH "HS/SRK" typedef UINT32 TSS2_KEY_TYPE; #define TSS2_SRK 2 #define TSS2_EK 3 #define MIN_EK_CERT_HANDLE 0x1c00000 #define MIN_PLATFORM_CERT_HANDLE 0x01C08000 #define MAX_PLATFORM_CERT_HANDLE 0x01C0FFFF typedef UINT8 IFAPI_SESSION_TYPE; #define IFAPI_SESSION_GENEK 0x01 #define IFAPI_SESSION1 0x02 #define IFAPI_SESSION2 0x04 #define IFAPI_POLICY_PATH "policy" #define IFAPI_NV_PATH "nv" #define IFAPI_EXT_PATH "ext" #define IFAPI_FILE_DELIM "/" #define IFAPI_LIST_DELIM ":" #define IFAPI_FILE_DELIM_CHAR '/' #define IFAPI_PUB_KEY_DIR "ext" #define IFAPI_POLICY_DIR "policy" #define IFAPI_PEM_PUBLIC_STRING "-----BEGIN PUBLIC KEY-----" #define IFAPI_PEM_PRIVATE_KEY "-----PRIVATE KEY-----" #define IFAPI_JSON_TAG_POLICY "policy" #define IFAPI_JSON_TAG_DUPLICATE "public_parent" #if TPM2_MAX_NV_BUFFER_SIZE > TPM2_MAX_DIGEST_BUFFER #define IFAPI_MAX_BUFFER_SIZE TPM2_MAX_NV_BUFFER_SIZE #else #define IFAPI_MAX_BUFFER_SIZE TPM2_MAX_DIGEST_BUFFER #endif #define IFAPI_FLUSH_PARENT true #define IFAPI_NOT_FLUSH_PARENT false /* Definition of FAPI buffer for TPM2B transmission */ typedef struct { UINT16 size; BYTE buffer[IFAPI_MAX_BUFFER_SIZE]; } IFAPI_MAX_BUFFER; #define OSSL_FREE(S,TYPE) if((S) != NULL) {TYPE##_free((void*) (S)); (S)=NULL;} #define FAPI_COPY_DIGEST(dest_buffer, dest_size, src, src_size) \ if (src_size > sizeof(TPMU_HA)) { \ return_error(TSS2_FAPI_RC_BAD_VALUE, "Digest size too large."); \ } \ memcpy(dest_buffer, (src), (src_size)); \ dest_size = src_size #define HASH_UPDATE(CONTEXT, TYPE, OBJECT, R, LABEL) \ { \ uint8_t buffer[sizeof(TYPE)]; \ size_t offset = 0; \ R = Tss2_MU_ ## TYPE ## _Marshal(OBJECT, \ &buffer[0], sizeof(TYPE), &offset); \ goto_if_error(R, "Marshal for hash update", LABEL); \ R = ifapi_crypto_hash_update(CONTEXT, \ (const uint8_t *) &buffer[0], \ offset); \ goto_if_error(R, "crypto hash update", LABEL); } #define HASH_UPDATE_BUFFER(CONTEXT, BUFFER, SIZE, R, LABEL) \ R = ifapi_crypto_hash_update(CONTEXT, \ (const uint8_t *) BUFFER, SIZE) ; \ goto_if_error(R, "crypto hash update", LABEL); #define FAPI_SYNC(r,msg,label, ...) \ if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) \ return TSS2_FAPI_RC_TRY_AGAIN; \ if (r != TSS2_RC_SUCCESS) { \ LOG_ERROR(TPM2_ERROR_FORMAT " " msg, TPM2_ERROR_TEXT(r), ## __VA_ARGS__); \ goto label; \ } /** The states for the FAPI's object authorization state*/ enum IFAPI_GET_CERT_STATE { GET_CERT_INIT = 0, GET_CERT_WAIT_FOR_GET_CAP, GET_CERT_GET_CERT_NV, GET_CERT_GET_CERT_NV_FINISH, GET_CERT_GET_CERT_READ_PUBLIC, GET_CERT_READ_CERT }; /** The states for the FAPI's cleanup after successful command execution*/ enum IFAPI_CLEANUP_STATE { CLEANUP_INIT = 0, CLEANUP_SESSION1, CLEANUP_SESSION2, CLEANUP_SRK }; #define IFAPI_MAX_CAP_INFO 17 typedef struct { char *description; TPMS_CAPABILITY_DATA *capability; } IFAPI_CAP_INFO; typedef struct { char *fapi_version; /**< The version string of FAPI */ char *fapi_config; /**< The configuration information */ IFAPI_CAP_INFO cap[IFAPI_MAX_CAP_INFO]; } IFAPI_INFO; /** Type for representing FAPI template for keys */ typedef struct { TPMI_YES_NO system; /**< Store the object in the system wide directory */ TPMI_YES_NO persistent; /**< Store key persistent in NV ram. */ UINT32 persistent_handle; /**< < Persistent handle which should be used */ TPM2B_PUBLIC public; /**< Template for public data */ } IFAPI_KEY_TEMPLATE; /** Type for representing template for NV objects */ typedef struct { TPMI_YES_NO system; /**< Store the object in the system wide directory */ TPMI_RH_HIERARCHY hierarchy; /**< Hierarchy for NV object. */ char *description; /**< Description of template. */ TPMS_NV_PUBLIC public; /**< Template for public data */ } IFAPI_NV_TEMPLATE; /** Type for representing a external public key */ typedef struct { TPMT_SIG_SCHEME sig_scheme; /**< Signature scheme used for quote. */ TPMS_ATTEST attest; /**< Attestation data from Quote */ } FAPI_QUOTE_INFO; /** The states for the FAPI's NV read state */ enum _FAPI_STATE_NV_READ { NV_READ_INIT = 0, NV_READ_AUTHORIZE, NV_READ_AUTHORIZE2, NV_READ_AUTH_SENT }; /** The states for the FAPI's NV write state */ enum _FAPI_STATE_NV_WRITE { NV2_WRITE_INIT = 0, NV2_WRITE_READ, NV2_WRITE_WAIT_FOR_SESSSION, NV2_WRITE_NULL_AUTH_SENT, NV2_WRITE_AUTH_SENT, NV2_WRITE_WRITE_PREPARE, NV2_WRITE_WRITE, NV2_WRITE_AUTHORIZE, NV2_WRITE_AUTHORIZE2 }; /** The data structure holding internal state of Fapi NV commands. */ typedef struct { char *nvPath ; /**< The name of the file for object serialization */ char *policyPath; /**< The name of the policy file */ TPM2B_NV_PUBLIC public; /**< The public info of the NV object. */ ESYS_TR esys_auth_handle; /**< The ESAPI handle for the NV auth object */ ESYS_TR esys_handle; /**< The ESAPI handle for the NV object */ size_t numBytes; /**< The number of bytes of a ESYS request */ UINT16 bytesRequested; /**< Bytes currently requested from TPM */ UINT16 offset; /**< Offset in TPM memory TPM */ size_t data_idx; /**< Offset in the read buffer */ const uint8_t *data; /**< Buffer for data to be written */ uint8_t *rdata; /**< Buffer for data to be read */ IFAPI_OBJECT auth_object; /**< Object used for authentication */ IFAPI_OBJECT nv_object; /**< Deserialized NV object */ TPM2B_AUTH auth; /**< The Password */ IFAPI_NV nv_obj; /**< The NV Object */ ESYS_TR auth_index; /**< The ESAPI handle of the authorization object */ uint64_t bitmap; /**< The bitmask for the SetBits command */ IFAPI_NV_TEMPLATE public_templ; /**< The template for nv creation, adjusted appropriate by the passed flags */ enum _FAPI_STATE_NV_READ nv_read_state; /**< The current state of NV read */ enum _FAPI_STATE_NV_WRITE nv_write_state; /**< The current state of NV write*/ uint8_t *write_data; char const *logData; /**< The event log for NV objects of type pcr */ json_object *jso_event_log; /**< logData in JSON format */ TPMI_RH_NV_INDEX maxNvIndex; /**< Max index for search for free index */ IFAPI_EVENT pcr_event; /**< Event to be added to log */ TPML_DIGEST_VALUES digests; /**< Digest for the event data of an extend */ bool skip_policy_computation; /**< switch whether policy needs to be computed */ } IFAPI_NV_Cmds; /** The data structure holding internal state of Fapi_Initialize command. */ typedef struct { TPMS_CAPABILITY_DATA *capability; /* TPM capability data to check available algs */ } IFAPI_INITIALIZE; /** The data structure holding internal state of Fapi_PCR commands. */ typedef struct { TPML_DIGEST_VALUES digest_list; /**< The digest list computed for the event */ TPML_DIGEST_VALUES *event_digests; /**< The digest list computed by TPM2_Event */ ESYS_TR PCR; /**< The handle of the PCR register to be extended */ TPML_PCR_SELECTION pcr_selection; /**< Selection used for Read and Quote */ TPML_PCR_SELECTION *pcr_selection_out; /**< Selection returned by PCR_Read */ UINT32 update_count; TPML_DIGEST *pcrValues; /* The values returned by PCR_Read */ TPM2_HANDLE pcrIndex; TPMI_ALG_HASH hashAlg; const char *keyPath; /**< The implicit key path for PCR_Quote */ ESYS_TR handle; /**< The ESYS handle of the signing key */ IFAPI_OBJECT *key_object; /**< The IPAPI object of the signing key */ TPMS_CAPABILITY_DATA *capabilityData; /* TPM capability data to check available algs */ uint32_t *pcrList; /**< Array of PCR numbers */ size_t pcrListSize; /**< Size of PCR array */ TPM2B_DATA qualifyingData; /**< Nonce for quote command */ uint8_t const *eventData; TPM2B_EVENT event; size_t eventDataSize; uint32_t const *hashAlgs; uint32_t *hashAlgs2; size_t numHashAlgs; char const *quoteInfo; TPM2B_ATTEST *tpm_quoted; TPMT_SIGNATURE *tpm_signature; uint8_t const *signature; size_t signatureSize; char const *logData; char *pcrLog; IFAPI_EVENT pcr_event; json_object *event_list; FAPI_QUOTE_INFO fapi_quote_info; } IFAPI_PCR; /** The data structure holding internal state of Fapi_SetDescription. */ typedef struct { char *description; /**< The description of the object */ UINT8_ARY appData; /**< Application data to be stored in object store. */ IFAPI_OBJECT object; /**< The IPAPI object to store the info*/ char *object_path; /**< The realative path to the object */ json_object *jso; /**< JSON object for storing the AppData */ char *jso_string; /**< JSON deserialized buffer */ } IFAPI_Path_SetDescription; /** The data structure holding internal state of Fapi_GetRandom. */ typedef struct { size_t numBytes; /**< The number of random bytes to be generated */ size_t idx; /**< Current position in output buffer. */ UINT16 bytesRequested; /**< Byted currently requested from TPM */ uint8_t *data; /**< The buffer for the random data */ } IFAPI_GetRandom; /** The data structure holding internal state of Fapi_Key_Setcertificate. */ typedef struct { const char *pem_cert; /**< The certifificate in pem or format */ char *pem_cert_dup; /**< The allocate certifificate */ const char *key_path; /**< The absolute key path */ NODE_STR_T *path_list; /**< The computed explicit path */ IFAPI_OBJECT key_object; /**< The IPAPI object for the certified key */ } IFAPI_Key_SetCertificate; /** The states for the FAPI's key creation */ enum IFAPI_KEY_CREATE_STATE { KEY_CREATE_INIT = 0, KEY_CREATE_WAIT_FOR_SESSION, KEY_CREATE_WAIT_FOR_PARENT, KEY_CREATE_AUTH_SENT, KEY_CREATE_WRITE_PREPARE, KEY_CREATE_WRITE, KEY_CREATE_FLUSH, KEY_CREATE_CALCULATE_POLICY, KEY_CREATE_WAIT_FOR_AUTHORIZATION, KEY_CREATE_CLEANUP }; /** The data structure holding internal state of Fapi_CreateKey. */ typedef struct { enum IFAPI_KEY_CREATE_STATE state; const char *keyPath; /**< The pathname from the application */ NODE_STR_T *path_list; /**< The computed explicit path */ IFAPI_OBJECT parent; /**< The parent of the key for used for creation. */ IFAPI_OBJECT object; /**< The current object. */ IFAPI_KEY_TEMPLATE public_templ; /**< The template for the keys public data */ TPM2B_PUBLIC public; /**< The public data of the key */ TPM2B_SENSITIVE_CREATE inSensitive; TPM2B_DATA outsideInfo; TPML_PCR_SELECTION creationPCR; ESYS_TR handle; const char *authValue; const char *policyPath; const IFAPI_PROFILE *profile; } IFAPI_Key_Create; /** The data structure holding internal state of Fapi_EncryptDecrypt. */ typedef struct { char const *keyPath; /**< The implicit key path */ uint8_t const *in_data; size_t in_dataSize; IFAPI_OBJECT *key_object; /**< The IPAPI object for the encryption key */ uint8_t *out_data; /**< The output of symmetric encrypt/decryption */ ESYS_TR key_handle; /**< The ESYS handle of the encryption key */ size_t numBytes; /**< The number of bytes of a ESYS request */ size_t decrypt; /**< Switch whether to encrypt or decrypt */ UINT16 bytesRequested; /**< Bytes currently requested from TPM */ TPMT_RSA_DECRYPT rsa_scheme; ESYS_TR object_handle; char *policy_path; ESYS_TR auth_session; const IFAPI_PROFILE *profile; } IFAPI_Data_EncryptDecrypt; /** The states for signing */ enum FAPI_SIGN_STATE { SIGN_INIT = 0, SIGN_WAIT_FOR_SESSION, SIGN_WAIT_FOR_KEY, SIGN_AUTH_SENT, SIGN_WAIT_FOR_FLUSH }; /** The data structure holding internal state of Fapi_Sign. */ typedef struct { enum FAPI_SIGN_STATE state; /**< The state of the signing operation */ const char *keyPath; /**< The implicit key path */ ESYS_TR handle; /**< The ESYS handle of the signing key */ TPM2B_DIGEST digest; /**< The digest to be signed */ TPMT_SIG_SCHEME scheme; /**< The signature scheme from profile */ IFAPI_OBJECT *key_object; /**< The IPAPI object of the signing key */ TPMT_SIGNATURE *tpm_signature; /**< The signature in TPM format */ TPMI_YES_NO decrypt; /**< Switch for symmetric algs */ TPMT_SIGNATURE *signature; /**< Produced TPM singature */ char const *padding; /**< Optional padding parameter for key sign. */ } IFAPI_Key_Sign; /** The data structure holding internal state of Fapi_Unseal. */ typedef struct { const char *keyPath; /**< The implicit key path */ IFAPI_OBJECT *object; /**< The IPAPI object storing the data to be unsealed */ TPM2B_SENSITIVE_DATA *unseal_data; /** The result of the esys unseal operation */ } IFAPI_Unseal; /** The data structure holding internal state of Fapi_GetInfo. */ typedef struct { TPMS_CAPABILITY_DATA *capability_data; /**< The TPM capability for one property */ TPMS_CAPABILITY_DATA *fetched_data; /**< The data fetched in one TPM command */ size_t idx_info_cap; IFAPI_INFO info_obj; UINT32 property_count; UINT32 property; } IFAPI_GetInfo; /** The states for the FAPI's hierarchy authorization state*/ enum IFAPI_HIERACHY_AUTHORIZATION_STATE { HIERARCHY_CHANGE_AUTH_INIT = 0, HIERARCHY_CHANGE_AUTH_NULL_AUTH_SENT, HIERARCHY_CHANGE_AUTH_AUTH_SENT }; /** The states for the FAPI's change policy authorization state*/ enum IFAPI_HIERACHY_POLICY_AUTHORIZATION_STATE { HIERARCHY_CHANGE_POLICY_INIT = 0, HIERARCHY_CHANGE_POLICY_NULL_AUTH_SENT, HIERARCHY_CHANGE_POLICY_AUTH_SENT }; /** The data structure holding internal state of Fapi_ChangeAuth. */ typedef struct { const char *entityPath; /**< The implicit key path */ ESYS_TR handle; /**< The ESYS handle of the key */ IFAPI_OBJECT *key_object; /**< The IPAPI object of the key */ const char *authValue; /**< The new auth value */ TPM2B_AUTH newAuthValue; /**< The new auth value */ TPM2B_PRIVATE *newPrivate; /**< New private data created by parend */ IFAPI_OBJECT object; /**< Deserialized NV object or hierarchy */ ESYS_TR nv_index; /**< NV handle of the object to be changed */ ESYS_TR hierarchy_handle; /**< NV handle of the hierarchy to be changed */ } IFAPI_Entity_ChangeAuth; /** The data structure holding internal state of Fapi_AuthorizePolicy. */ typedef struct { const char *policyPath; /**< Policy with Policy to be authorized */ const char *signingKeyPath; /**< Key for policy signing */ TPM2B_DIGEST policyRef; TPMS_POLICYAUTHORIZATION authorization; } IFAPI_Fapi_AuthorizePolicy; /** The data structure holding internal state of Fapi_WriteAuthorizeNv. */ typedef struct { const char *policyPath; /**< Policy with Policy to be authorized */ TPMI_ALG_HASH *hash_alg; /**< The hash alg used for digest computation */ size_t hash_size; /**< The digest size */ size_t digest_idx; /**< The index of the digest in the policy */ } IFAPI_api_WriteAuthorizeNv; /** The data structure holding internal state of Provisioning. */ typedef struct { IFAPI_OBJECT hierarchy; /**< The current used hierarchy for CreatePrimary */ IFAPI_KEY_TEMPLATE public_templ; /**< The basic template for the keys public data */ TPM2B_PUBLIC public; /**< The public info of the created primary */ TPM2B_SENSITIVE_CREATE inSensitive; TPM2B_DATA outsideInfo; TPML_PCR_SELECTION creationPCR; ESYS_TR handle; const char *authValueLockout; const char *authValueEh; const char *policyPathEh; const char *authValueSh; const char *policyPathSh; size_t digest_idx; size_t hash_size; TPM2_HANDLE cert_nv_idx; ESYS_TR esys_nv_cert_handle; char *pem_cert; TPM2_ALG_ID cert_key_type; size_t cert_count; size_t cert_idx; TPMS_CAPABILITY_DATA *capabilityData; IFAPI_OBJECT hierarchy_object; TPM2B_AUTH hierarchy_auth; TPM2B_DIGEST policy_digest; char *intermed_crt; char *root_crt; } IFAPI_Provision; /** The data structure holding internal state of regenerate primary key. */ typedef struct { char *path; /**< Path of the primary (starting with hierarchy) */ IFAPI_OBJECT hierarchy; /**< The current used hierarchy for CreatePrimary */ IFAPI_OBJECT pkey_object; TPM2B_SENSITIVE_CREATE inSensitive; TPM2B_DATA outsideInfo; TPML_PCR_SELECTION creationPCR; ESYS_TR handle; TPMI_DH_PERSISTENT persistent_handle; } IFAPI_CreatePrimary; /** The data structure holding internal state of key verify signature. */ typedef struct { const char *keyPath; uint8_t const *signature; size_t signatureSize; uint8_t const *digest; size_t digestSize; IFAPI_OBJECT key_object; } IFAPI_Key_VerifySignature; /** The states for the FAPI's policy loading */ enum IFAPI_STATE_POLICY { POLICY_INIT = 0, POLICY_READ, POLICY_READ_FINISH, POLICY_INSTANTIATE_PREPARE, POLICY_INSTANTIATE, POLICY_EXECUTE, POLICY_FLUSH }; typedef struct IFAPI_POLICY_EXEC_CTX IFAPI_POLICY_EXEC_CTX; typedef struct IFAPI_POLICYUTIL_STACK IFAPI_POLICYUTIL_STACK; /** The states for session creation */ enum FAPI_CREATE_SESSION_STATE { CREATE_SESSION_INIT = 0, CREATE_SESSION, WAIT_FOR_CREATE_SESSION }; /** The data structure holding internal policy state. */ typedef struct { enum IFAPI_STATE_POLICY state; struct TPMS_POLICY policy; size_t digest_idx; size_t hash_size; char **pathlist; /**< The array of all objects in the search path */ TPMI_ALG_HASH hash_alg; IFAPI_POLICY_EXEC_CTX *policy_stack; /**< The stack used for storing current policy information. e.g. for retry the current index of policy elements hash to be stored. */ IFAPI_POLICYUTIL_STACK *util_current_policy; IFAPI_POLICYUTIL_STACK *policyutil_stack; /**< The stack used for storing current policy information. e.g. for retry the current index of policy elements hash to be stored. */ ESYS_TR session; /**< Auxiliary variable to store created policy session. The value will also be stored in the policy stack */ enum FAPI_CREATE_SESSION_STATE create_session_state; char *path; IFAPI_POLICY_EVAL_INST_CTX eval_ctx; } IFAPI_POLICY_CTX; /** The states for the IFAPI's policy loading */ enum IFAPI_STATE_FILE_SEARCH { FSEARCH_INIT = 0, FSEARCH_READ, FSEARCH_OBJECT }; /** The data structure holding internal policy state. */ typedef struct { enum IFAPI_STATE_FILE_SEARCH state; char **pathlist; /**< The array of all objects in the search path */ size_t path_idx; /**< Index of array of objects to be searched */ size_t numPaths; /**< Number of all objects in data store */ char *current_path; } IFAPI_FILE_SEARCH_CTX; /** The states for the FAPI's key loading */ enum _FAPI_STATE_LOAD_KEY { LOAD_KEY_GET_PATH = 0, LOAD_KEY_READ_KEY, LOAD_KEY_WAIT_FOR_PRIMARY, LOAD_KEY_LOAD_KEY, LOAD_KEY_AUTH, LOAD_KEY_AUTHORIZE }; /** The data structure holding internal state of export key. */ typedef struct { char const *pathOfKeyToDuplicate; /**< The relative path of the key to be exported */ char const *pathToPublicKeyOfNewParent; /**< The relative path of the new parent */ TPM2B_PUBLIC public_parent; /**< The public key of the new parent */ IFAPI_OBJECT *key_object; /**< The IPAPI object of the key to be duplicated */ IFAPI_OBJECT export_tree; /**< The complete tree to be exported */ IFAPI_OBJECT pub_key; /**< The public part of the new parent */ IFAPI_OBJECT dup_key; /**< The key to be duplicated or exported */ struct TPMS_POLICY policy; ESYS_TR handle_ext_key; } IFAPI_ExportKey; /** The data structure holding internal state of export policy. */ typedef struct { char const *path; /**< Path of the object with the policy to be exported */ IFAPI_OBJECT object; /**< Object corresponding to path */ } IFAPI_ExportPolicy; /** The data structure holding internal state of import key. */ typedef struct { IFAPI_OBJECT object; TPM2B_NAME parent_name; IFAPI_OBJECT *parent_object; IFAPI_OBJECT new_object; char *parent_path; char *out_path; TPM2B_PRIVATE *private; char *jso_string; } IFAPI_ImportKey; /** The data structure holding internal state of loading keys. */ typedef struct { enum _FAPI_STATE_LOAD_KEY state; /**< The current state of key loading */ NODE_STR_T *path_list; /**< The current used hierarchy for CreatePrimary */ NODE_OBJECT_T *key_list; IFAPI_OBJECT auth_object; size_t position; ESYS_TR handle; ESYS_TR parent_handle; bool parent_handle_persistent; IFAPI_OBJECT *key_object; char *key_path; } IFAPI_LoadKey; /** The data structure holding internal state of entity delete. */ typedef struct { bool is_key; /**< Entity to be deleted is a key */ bool is_persistent_key; /**< Entity to be deleted is a key */ ESYS_TR new_object_handle; TPM2_HANDLE permanentHandle; /**< The TPM permanent handle */ IFAPI_OBJECT auth_object; /**< Object used for authentication */ ESYS_TR auth_index; /**< The ESAPI handle of the nv authorization object */ char *path; /**< The name of the file to be deleted */ IFAPI_OBJECT object; /**< Deserialized object */ char **pathlist; /**< The array with the object files to be deleted */ size_t numPaths; /**< Size of array with the object files to be deleted */ size_t path_idx; /**< Index of array with the object files to be deleted */ } IFAPI_Entity_Delete; /** The data structure holding internal state of list entities. */ typedef struct { const char *searchPath; /**< The path to searched for objectws */ } IFAPI_Entities_List; /** Union for all input parameters. * * The input parameters of a command need to be stored in order to enable * resubmission. This type provides the corresponding facilities. */ typedef union { IFAPI_Provision Provision; IFAPI_Key_Create Key_Create; IFAPI_Key_SetCertificate Key_SetCertificate; IFAPI_Entity_ChangeAuth Entity_ChangeAuth; IFAPI_Entity_Delete Entity_Delete; IFAPI_Entities_List Entities_List; IFAPI_Key_VerifySignature Key_VerifySignature; IFAPI_Data_EncryptDecrypt Data_EncryptDecrypt; IFAPI_PCR pcr; IFAPI_INITIALIZE Initialize; IFAPI_Path_SetDescription path_set_info; IFAPI_Fapi_AuthorizePolicy Policy_AuthorizeNewPolicy; IFAPI_api_WriteAuthorizeNv WriteAuthorizeNV; IFAPI_ExportKey ExportKey; IFAPI_ImportKey ImportKey; IFAPI_Unseal Unseal; IFAPI_GetInfo GetInfo; IFAPI_ExportPolicy ExportPolicy; } IFAPI_CMD_STATE; /** The states for the FAPI's primary key regeneration */ enum _FAPI_STATE_PRIMARY { PRIMARY_INIT = 0, PRIMARY_READ_KEY, PRIMARY_READ_HIERARCHY, PRIMARY_READ_HIERARCHY_FINISH, PRIMARY_AUTHORIZE_HIERARCHY, PRIMARY_HAUTH_SENT, PRIMARY_CREATED }; /** The states for the FAPI's primary key regeneration */ enum _FAPI_STATE_SESSION { SESSION_INIT = 0, SESSION_WAIT_FOR_PRIMARY, SESSION_CREATE_SESSION, SESSION_WAIT_FOR_SESSION1, SESSION_WAIT_FOR_SESSION2 }; /** The states for the FAPI's get random state */ enum _FAPI_STATE_GET_RANDOM { GET_RANDOM_INIT = 0, GET_RANDOM_SENT }; /** The states for flushing objects */ enum _FAPI_FLUSH_STATE { FLUSH_INIT = 0, WAIT_FOR_FLUSH }; /** The states for the FAPI's internal state machine */ enum _FAPI_STATE { _FAPI_STATE_INIT = 0, /**< The initial state after creation or after finishing a command. A new command can only be issued in this state. */ _FAPI_STATE_INTERNALERROR, /**< A non-recoverable error occurred within the ESAPI code. */ INITIALIZE_READ, INITIALIZE_INIT_TCTI, INITIALIZE_GET_CAP, INITIALIZE_WAIT_FOR_CAP, INITIALIZE_READ_PROFILE, INITIALIZE_READ_PROFILE_INIT, PROVISION_WAIT_FOR_GET_CAP1, PROVISION_INIT_GET_CAP2, PROVISION_WAIT_FOR_GET_CAP2, PROVISION_GET_CERT_NV, PROVISION_GET_CERT_NV_FINISH, PROVISION_GET_CERT_READ_PUBLIC, PROVISION_READ_CERT, PROVISION_PREPARE_READ_ROOT_CERT, PROVISION_READ_ROOT_CERT, PROVISION_READ_PROFILE, PROVISION_INIT_SRK, PROVISION_AUTH_EK_NO_AUTH_SENT, PROVISION_AUTH_EK_AUTH_SENT, PROVISION_AUTH_SRK_NO_AUTH_SENT, PROVISION_AUTH_SRK_AUTH_SENT, PROVISION_EK_WRITE_PREPARE, PROVISION_EK_WRITE, PROVISION_EK_CHECK_CERT, PROVISION_SRK_WRITE_PREPARE, PROVISION_SRK_WRITE, PROVISION_WAIT_FOR_EK_PERSISTENT, PROVISION_WAIT_FOR_SRK_PERSISTENT, PROVISION_CHANGE_LOCKOUT_AUTH, PROVISION_CHANGE_EH_CHECK, PROVISION_CHANGE_EH_AUTH, PROVISION_CHANGE_SH_CHECK, PROVISION_CHANGE_SH_AUTH, PROVISION_EH_CHANGE_POLICY, PROVISION_SH_CHANGE_POLICY, PROVISION_LOCKOUT_CHANGE_POLICY, PROVISION_FINISHED, PROVISION_WRITE_SH, PROVISION_WRITE_EH, PROVISION_WRITE_LOCKOUT, PROVISION_WRITE_LOCKOUT_PARAM, PROVISION_FLUSH_SRK, PROVISION_FLUSH_EK, PROVISION_CHECK_FOR_VENDOR_CERT, PROVISION_GET_VENDOR, KEY_CREATE, CREATE_SEAL, KEY_SET_CERTIFICATE_READ, KEY_SET_CERTIFICATE_WRITE, KEY_GET_CERTIFICATE_READ, GET_RANDOM_WAIT_FOR_SESSION, GET_RANDOM_WAIT_FOR_RANDOM, GET_RANDOM_CLEANUP, NV_CREATE_READ_PROFILE, NV_CREATE_READ_HIERARCHY, NV_CREATE_AUTHORIZE_HIERARCHY, NV_CREATE_GET_INDEX, NV_CREATE_FIND_INDEX, NV_CREATE_WAIT_FOR_SESSION, NV_CREATE_AUTH_SENT, NV_CREATE_WRITE, NV_CREATE_CALCULATE_POLICY, NV_WRITE_READ, NV_WRITE_WRITE, NV_WRITE_CLEANUP, NV_EXTEND_READ, NV_EXTEND_WAIT_FOR_SESSION, NV_EXTEND_AUTHORIZE, NV_EXTEND_AUTH_SENT, NV_EXTEND_WRITE, NV_EXTEND_CLEANUP, NV_INCREMENT_READ, NV_INCREMENT_WAIT_FOR_SESSION, NV_INCREMENT_AUTHORIZE, NV_INCREMENT_AUTH_SENT, NV_INCREMENT_WRITE, NV_INCREMENT_CLEANUP, NV_SET_BITS_READ, NV_SET_BITS_WAIT_FOR_SESSION, NV_SET_BITS_AUTHORIZE, NV_SET_BITS_AUTH_SENT, NV_SET_BITS_WRITE, NV_SET_BITS_CLEANUP, NV_READ_READ, NV_READ_WAIT, NV_READ_WAIT_FOR_SESSION, NV_READ_CLEANUP, ENTITY_DELETE_GET_FILE, ENTITY_DELETE_READ, ENTITY_DELETE_WAIT_FOR_SESSION, ENTITY_DELETE_NULL_AUTH_SENT_FOR_KEY, ENTITY_DELETE_AUTH_SENT_FOR_KEY, ENTITY_DELETE_NULL_AUTH_SENT_FOR_NV, ENTITY_DELETE_AUTH_SENT_FOR_NV, ENTITY_DELETE_KEY, ENTITY_DELETE_AUTHORIZE_NV, ENTITY_DELETE_FILE, ENTITY_DELETE_POLICY, ENTITY_DELETE_REMOVE_DIRS, ENTITY_GET_TPM_BLOBS_READ, KEY_SIGN_WAIT_FOR_KEY, KEY_SIGN_WAIT_FOR_SIGN, KEY_SIGN_CLEANUP, ENTITY_CHANGE_AUTH_WAIT_FOR_SESSION, ENTITY_CHANGE_AUTH_WAIT_FOR_KEY, ENTITY_CHANGE_AUTH_AUTH_SENT, ENTITY_CHANGE_AUTH_WAIT_FOR_FLUSH, ENTITY_CHANGE_AUTH_WRITE_PREPARE, ENTITY_CHANGE_AUTH_WRITE, ENTITY_CHANGE_AUTH_WAIT_FOR_KEY_AUTH, ENTITY_CHANGE_AUTH_WAIT_FOR_NV_READ, ENTITY_CHANGE_AUTH_WAIT_FOR_NV_AUTH, ENTITY_CHANGE_AUTH_WAIT_FOR_NV_CHANGE_AUTH, ENTITY_CHANGE_AUTH_HIERARCHY_CHANGE_AUTH, ENTITY_CHANGE_AUTH_HIERARCHY_READ, ENTITY_CHANGE_AUTH_HIERARCHY_AUTHORIZE, ENTITY_CHANGE_AUTH_CLEANUP, DATA_ENCRYPT_WAIT_FOR_PROFILE, DATA_ENCRYPT_WAIT_FOR_SESSION, DATA_ENCRYPT_WAIT_FOR_KEY, DATA_ENCRYPT_WAIT_FOR_FLUSH, DATA_ENCRYPT_WAIT_FOR_RSA_ENCRYPTION, DATA_ENCRYPT_CLEAN, DATA_DECRYPT_WAIT_FOR_PROFILE, DATA_DECRYPT_WAIT_FOR_SESSION, DATA_DECRYPT_WAIT_FOR_KEY, DATA_DECRYPT_WAIT_FOR_FLUSH, DATA_DECRYPT_WAIT_FOR_RSA_DECRYPTION, DATA_DECRYPT_AUTHORIZE_KEY, DATA_DECRYPT_CLEANUP, PCR_EXTEND_WAIT_FOR_SESSION, PCR_EXTEND_WAIT_FOR_GET_CAP, PCR_EXTEND_APPEND_EVENT_LOG, PCR_EXTEND_FINISH, PCR_EXTEND_CLEANUP, PCR_READ_READ_PCR, PCR_READ_READ_EVENT_LIST, PCR_QUOTE_WAIT_FOR_GET_CAP, PCR_QUOTE_WAIT_FOR_SESSION, PCR_QUOTE_WAIT_FOR_KEY, PCR_QUOTE_AUTH_SENT, PCR_QUOTE_AUTHORIZE, PCR_QUOTE_WAIT_FOR_FLUSH, PCR_QUOTE_READ_EVENT_LIST, PCR_QUOTE_CLEANUP, PATH_SET_DESCRIPTION_READ, PATH_SET_DESCRIPTION_WRITE, PATH_GET_DESCRIPTION_READ, APP_DATA_SET_READ, APP_DATA_SET_WRITE, AUTHORIZE_NEW_CALCULATE_POLICY, AUTHORIZE_NEW_LOAD_KEY, AUTHORIZE_NEW_KEY_SIGN_POLICY, AUTHORIZE_NEW_WRITE_POLICY_PREPARE, AUTHORIZE_NEW_WRITE_POLICY, AUTHORIZE_NEW_CLEANUP, WRITE_AUTHORIZE_NV_READ_NV, WRITE_AUTHORIZE_NV_CALCULATE_POLICY, WRITE_AUTHORIZE_NV_WRITE_NV_RAM_PREPARE, WRITE_AUTHORIZE_NV_WRITE_NV_RAM, WRITE_AUTHORIZE_NV_WRITE_OBJCECT, WRITE_AUTHORIZE_NV_WRITE_POLICY_PREPARE, WRITE_AUTHORIZE_NV_WRITE_POLICY, WRITE_AUTHORIZE_NV_CLEANUP, EXPORT_KEY_READ_PUB_KEY, EXPORT_KEY_READ_PUB_KEY_PARENT, EXPORT_KEY_WAIT_FOR_KEY, EXPORT_KEY_WAIT_FOR_DUPLICATE, EXPORT_KEY_WAIT_FOR_EXT_KEY, EXPORT_KEY_WAIT_FOR_AUTHORIZATON, EXPORT_KEY_WAIT_FOR_FLUSH1, EXPORT_KEY_WAIT_FOR_FLUSH2, EXPORT_KEY_CLEANUP, IMPORT_KEY_WRITE_POLICY, IMPORT_KEY_WRITE, IMPORT_KEY_SEARCH, IMPORT_KEY_LOAD_PARENT, IMPORT_KEY_AUTHORIZE_PARENT, IMPORT_KEY_IMPORT, IMPORT_KEY_WAIT_FOR_FLUSH, IMPORT_KEY_WRITE_OBJECT_PREPARE, IMPORT_KEY_WRITE_OBJECT, IMPORT_KEY_CLEANUP, UNSEAL_WAIT_FOR_KEY, UNSEAL_AUTHORIZE_OBJECT, UNSEAL_WAIT_FOR_UNSEAL, UNSEAL_WAIT_FOR_FLUSH, UNSEAL_CLEANUP, GET_PLATFORM_CERTIFICATE, POLICY_EXPORT_READ_OBJECT, POLICY_EXPORT_READ_OBJECT_FINISH, POLICY_EXPORT_READ_POLICY, POLICY_EXPORT_READ_POLICY_FINISH, VERIFY_QUOTE_READ, GET_INFO_GET_CAP, GET_INFO_GET_CAP_MORE, GET_INFO_WAIT_FOR_CAP }; /** Structure holding FAPI callbacks and userData * * This structure holds the callback pointers and corresponding userData pointers for each of the * three callback types of FAPI. They are set using Fapi_SetAuthCB, Fapi_SetBranchCB and * Fapi_SetSignCB. */ struct IFAPI_CALLBACKS { Fapi_CB_Auth auth; void *authData; Fapi_CB_Branch branch; void *branchData; Fapi_CB_Sign sign; void *signData; Fapi_CB_PolicyAction action; void *actionData; }; /** The data structure holding internal state information. * * Each FAPI_CONTEXT respresents a logically independent connection to the TPM. * It stores meta data information about object in order to calculate session * auths and similar things. */ struct FAPI_CONTEXT { ESYS_CONTEXT *esys; /**< The ESYS context used internally to talk to the TPM. */ struct IFAPI_CALLBACKS callbacks; /**< Callbacks for user interaction from FAPI */ struct IFAPI_IO io; struct IFAPI_EVENTLOG eventlog; struct IFAPI_KEYSTORE keystore; struct IFAPI_POLICY_STORE pstore; struct IFAPI_PROFILES profiles; enum _FAPI_STATE state; /**< The current state of the command execution */ enum _FAPI_STATE_PRIMARY primary_state; /**< The current state of the primary regeneration */ enum _FAPI_STATE_SESSION session_state; /**< The current state of the session creation */ enum _FAPI_STATE_GET_RANDOM get_random_state; /**< The current state of get random */ enum IFAPI_HIERACHY_AUTHORIZATION_STATE hierarchy_state; enum IFAPI_HIERACHY_POLICY_AUTHORIZATION_STATE hierarchy_policy_state; enum IFAPI_GET_CERT_STATE get_cert_state; enum _FAPI_FLUSH_STATE flush_object_state; /**< The current state of a flush operation */ enum IFAPI_CLEANUP_STATE cleanup_state; /**< The state of cleanup after command execution */ IFAPI_CONFIG config; /**< The profile independet configuration data */ UINT32 nv_buffer_max; /**< The maximal size for transfer of nv buffer content */ IFAPI_CMD_STATE cmd; /**< The state information of the currently executed command */ IFAPI_NV_Cmds nv_cmd; IFAPI_GetRandom get_random; IFAPI_CreatePrimary createPrimary; IFAPI_LoadKey loadKey; ESYS_TR session1; /**< The first session used by FAPI */ ESYS_TR session2; /**< The second session used by FAPI */ ESYS_TR policy_session; /**< The policy session used by FAPI */ ESYS_TR ek_handle; ESYS_TR srk_handle; bool ek_persistent; bool srk_persistent; IFAPI_SESSION_TYPE session_flags; TPMA_SESSION session1_attribute_flags; TPMA_SESSION session2_attribute_flags; IFAPI_MAX_BUFFER aux_data; /**< tpm2b data to be transferred */ IFAPI_POLICY_CTX policy; /**< The context of current policy. */ IFAPI_FILE_SEARCH_CTX fsearch; /**< The context for object search in key/policy store */ IFAPI_Key_Sign Key_Sign; /**< State information for key signing */ enum IFAPI_IO_STATE io_state; NODE_OBJECT_T *object_list; IFAPI_OBJECT *duplicate_key; /**< Will be needed for policy execution */ }; #define VENDOR_IFX 0x49465800 #define VENDOR_INTC 0x494E5443 #define VEDNOR_IBM 0x49424D20 #endif /* FAPI_INT_H */