| /* SPDX-License-Identifier: BSD-2-Clause */ |
| /******************************************************************************* |
| * Copyright 2018-2019, Fraunhofer SIT sponsored by Infineon Technologies AG |
| * All rights reserved. |
| ******************************************************************************/ |
| |
| #ifndef IFAPI_KEYSTORE_H |
| #define IFAPI_KEYSTORE_H |
| |
| #include <stdlib.h> |
| |
| #include "tss2_common.h" |
| #include "tss2_tpm2_types.h" |
| #include "fapi_types.h" |
| #include "ifapi_policy_types.h" |
| #include "tss2_esys.h" |
| |
| typedef UINT32 IFAPI_OBJECT_TYPE_CONSTANT; |
| #define IFAPI_OBJ_NONE 0 /**< Tag for key resource */ |
| #define IFAPI_KEY_OBJ 1 /**< Tag for key resource */ |
| #define IFAPI_NV_OBJ 2 /**< Tag for NV Ram resource */ |
| #define IFAPI_EXT_PUB_KEY_OBJ 3 /**< Tag for key resource */ |
| #define IFAPI_HIERARCHY_OBJ 4 /**< Tag for other resources, e.g. PCR register, hierarchies */ |
| #define IFAPI_DUPLICATE_OBJ 5 /**< Tag for key duplication object */ |
| |
| /** Type for representing a FAPI key |
| */ |
| typedef struct { |
| UINT32 persistent_handle; /**< Persistent TPM Handle */ |
| TPM2B_PUBLIC public; /**< The wrapped public portion of the object */ |
| UINT8_ARY serialization; /**< None */ |
| UINT8_ARY private; /**< None */ |
| char *policyInstance; /**< Keys policy */ |
| TPM2B_CREATION_DATA creationData; /**< None */ |
| TPMT_TK_CREATION creationTicket; /**< None */ |
| char *description; /**< Human readable description of key */ |
| UINT8_ARY appData; /**< Application data */ |
| char *certificate; /**< Keys certificate (if any) */ |
| TPMT_SIG_SCHEME signing_scheme; /**< Signing scheme for the key */ |
| TPM2B_NAME name; /**< Name of the key */ |
| TPMI_YES_NO with_auth; /**< Authorization provided during creation */ |
| } IFAPI_KEY; |
| |
| /** Type for representing a external public key |
| */ |
| typedef struct { |
| char *pem_ext_public; /**< Public key in PEM format */ |
| char *certificate; /**< Keys certificate (if any) */ |
| TPM2B_PUBLIC public; /**< The pulic information in TPM format */ |
| } IFAPI_EXT_PUB_KEY; |
| |
| /** Type for representing hierarchy |
| */ |
| typedef struct { |
| TPMI_YES_NO with_auth; /**< Authorization provided */ |
| char *description; /**< Human readable description of hierarchy */ |
| TPM2B_DIGEST authPolicy; |
| } IFAPI_HIERARCHY; |
| |
| /** Type for representing a FAPI NV object |
| */ |
| typedef struct { |
| TPM2B_NV_PUBLIC public; /**< The wrapped public portion of the object */ |
| UINT8_ARY serialization; /**< None */ |
| UINT32 hierarchy; /**< The hierarchy used for NV object creation */ |
| char *policyInstance; /**< Keys policy */ |
| char *description; /**< Human readable description of key */ |
| UINT8_ARY appData; /**< Application data */ |
| TPMI_YES_NO with_auth; /**< Authorization provided during creation */ |
| char* event_log; /**< The event log if NV type is pcr */ |
| } IFAPI_NV; |
| |
| /** Type for representing a FAPI object for key duplication. |
| */ |
| typedef struct { |
| |
| TPM2B_PRIVATE duplicate; /**< The duplicate of the key to export*/ |
| TPM2B_ENCRYPTED_SECRET encrypted_seed; /**< Encrypted seed needed for key import */ |
| TPM2B_PUBLIC public; /**< The public information of the key to be duplicated */ |
| TPM2B_PUBLIC public_parent; /**< The public information of the new parent key */ |
| char *certificate; /**< The certificate of the key to be duplicated */ |
| TPMS_POLICY *policy; /**< The policy of the key to be duplicated */ |
| } IFAPI_DUPLICATE; |
| |
| /** type for representing public info of a TPM-Resource |
| */ |
| typedef union { |
| IFAPI_EXT_PUB_KEY ext_pub_key; /**< Public info for external key. */ |
| IFAPI_KEY key; /**< Public info for key objects */ |
| IFAPI_NV nv; /**< Public info for NV ram objects */ |
| IFAPI_DUPLICATE key_tree; /**< Information for key duplication */ |
| IFAPI_HIERARCHY hierarchy; /**< Information related to hierarchies */ |
| } IFAPI_OBJECT_UNION; |
| |
| /** The states for key searching */ |
| enum FAPI_SEARCH_STATE { |
| KSEARCH_INIT = 0, |
| KSEARCH_SEARCH_OBJECT, |
| KSEARCH_READ |
| }; |
| |
| /** The data structure holding internal state for key searching. |
| */ |
| typedef struct { |
| size_t path_idx; /**< Index of array of objects to be searched */ |
| size_t numPaths; /**< Number of all objects in data store */ |
| char **pathlist; /**< The array of all objects in the search path */ |
| enum FAPI_SEARCH_STATE state; |
| } IFAPI_KEY_SEARCH; |
| |
| typedef struct IFAPI_KEYSTORE { |
| char *systemdir; |
| char *userdir; |
| char *defaultprofile; |
| IFAPI_KEY_SEARCH key_search; |
| } IFAPI_KEYSTORE; |
| |
| |
| /** The states for the FAPI's object authorization state*/ |
| enum IFAPI_AUTHORIZATION_STATE { |
| AUTH_INIT = 0, |
| AUTH_CHECK_POLICY, |
| AUTH_CREATE_SESSION, |
| AUTH_EXEC_POLICY, |
| AUTH_FLUSH_OLD_POLICY, |
| AUTH_DONE |
| }; |
| |
| /** The states for the FAPI's object write/read state*/ |
| enum IFAPI_IO_STATE { |
| IO_INIT = 0, |
| IO_ACTIVE, |
| }; |
| |
| /** Type for representing TPM-Resource |
| */ |
| typedef struct _IFAPI_OBJECT { |
| TPMS_POLICY *policy; |
| IFAPI_OBJECT_TYPE_CONSTANT objectType; /**< Selector for object type */ |
| IFAPI_OBJECT_UNION misc; /**< Resource specific information */ |
| TPMI_YES_NO system; /**< Store the object in the system wide |
| directory */ |
| ESYS_TR handle; /**< Handle used by ESAPI */ |
| enum IFAPI_AUTHORIZATION_STATE authorization_state; /**< State of object authorization state machine */ |
| enum IFAPI_IO_STATE state; |
| |
| } IFAPI_OBJECT; |
| |
| |
| TSS2_RC |
| ifapi_keystore_initialize( |
| IFAPI_KEYSTORE *keystore, |
| const char *config_systemdir, |
| const char *config_userdir, |
| const char *config_defaultprofile); |
| |
| TSS2_RC |
| ifapi_keystore_load_async( |
| IFAPI_KEYSTORE *keystore, |
| IFAPI_IO *io, |
| const char *path); |
| |
| TSS2_RC |
| ifapi_keystore_load_finish( |
| IFAPI_KEYSTORE *keystore, |
| IFAPI_IO *io, |
| IFAPI_OBJECT *object); |
| |
| TSS2_RC |
| ifapi_keystore_store_async( |
| IFAPI_KEYSTORE *keystore, |
| IFAPI_IO *io, |
| const char *path, |
| const IFAPI_OBJECT *object); |
| |
| TSS2_RC |
| ifapi_keystore_store_finish( |
| IFAPI_KEYSTORE *keystore, |
| IFAPI_IO *io); |
| |
| TSS2_RC |
| ifapi_keystore_list_all( |
| IFAPI_KEYSTORE *keystore, |
| const char *searchpath, |
| char ***results, |
| size_t *numresults); |
| |
| TSS2_RC |
| ifapi_keystore_delete( |
| IFAPI_KEYSTORE *keystore, |
| char *path); |
| |
| TSS2_RC |
| ifapi_keystore_remove_directories( |
| IFAPI_KEYSTORE *keystore, |
| const char *dir_name); |
| |
| TSS2_RC |
| ifapi_keystore_search_obj( |
| IFAPI_KEYSTORE *keystore, |
| IFAPI_IO *io, |
| TPM2B_NAME *name, |
| char **found_path); |
| |
| TSS2_RC |
| ifapi_keystore_search_nv_obj( |
| IFAPI_KEYSTORE *keystore, |
| IFAPI_IO *io, |
| TPM2B_NV_PUBLIC *nv_public, |
| char **found_path); |
| |
| TSS2_RC |
| ifapi_keystore_check_overwrite( |
| IFAPI_KEYSTORE *keystore, |
| IFAPI_IO *io, |
| const char *path); |
| |
| TSS2_RC |
| ifapi_keystore_check_writeable( |
| IFAPI_KEYSTORE *keystore, |
| IFAPI_IO *io, |
| const char *path); |
| |
| TSS2_RC |
| ifapi_copy_ifapi_key( |
| IFAPI_KEY * dest, |
| const IFAPI_KEY * src); |
| |
| TSS2_RC |
| ifapi_copy_ifapi_key_object( |
| IFAPI_OBJECT * dest, |
| const IFAPI_OBJECT * src); |
| |
| void ifapi_cleanup_ifapi_key( |
| IFAPI_KEY * key); |
| |
| void ifapi_cleanup_ifapi_ext_pub_key( |
| IFAPI_EXT_PUB_KEY * key); |
| |
| void ifapi_cleanup_ifapi_hierarchy( |
| IFAPI_HIERARCHY * hierarchy); |
| |
| void ifapi_cleanup_ifapi_nv( |
| IFAPI_NV * nv); |
| |
| void ifapi_cleanup_ifapi_duplicate( |
| IFAPI_DUPLICATE * duplicate); |
| |
| void ifapi_cleanup_ifapi_key_search( |
| IFAPI_KEY_SEARCH * key_search); |
| |
| void ifapi_cleanup_ifapi_keystore( |
| IFAPI_KEYSTORE * keystore); |
| |
| void |
| ifapi_cleanup_ifapi_object( |
| IFAPI_OBJECT *object); |
| |
| #endif /* IFAPI_KEYSTORE_H */ |