9 #include "fapi_types.h"
10 #include "ifapi_policy_types.h"
11 #include "ifapi_policy_instantiate.h"
12 #include "ifapi_eventlog.h"
14 #include "ifapi_profiles.h"
15 #include "ifapi_macros.h"
16 #include "ifapi_keystore.h"
17 #include "ifapi_policy_store.h"
18 #include "ifapi_config.h"
31 #include <json-c/json.h>
34 #include "tss2_esys.h"
35 #include "tss2_fapi.h"
37 #define DEFAULT_LOG_DIR "/run/tpm2_tss"
38 #define IFAPI_PCR_LOG_FILE "pcr.log"
39 #define IFAPI_OBJECT_TYPE ".json"
40 #define IFAPI_OBJECT_FILE "object.json"
41 #define IFAPI_SRK_KEY_PATH "/HS/SRK"
42 #define IFAPI_EK_KEY_PATH "/HE/EK"
43 #define IFAPI_HS_PATH "/HS"
44 #define IFAPI_HE_PATH "/HE"
45 #define IFAPI_HN_PATH "/HN"
46 #define IFAPI_LOCKOUT_PATH "/LOCKOUT"
47 #define IFAPI_SRK_OBJECT_PATH "/HS/SRK/object.json"
48 #define IFAPI_HS_OBJECT_PATH "/HS/object.json"
50 typedef UINT32 TSS2_KEY_TYPE;
53 #define MIN_EK_CERT_HANDLE 0x1c00000
54 #define MIN_PLATFORM_CERT_HANDLE 0x01C08000
55 #define MAX_PLATFORM_CERT_HANDLE 0x01C0FFFF
57 typedef UINT8 IFAPI_SESSION_TYPE;
58 #define IFAPI_SESSION_GEN_SRK 0x01
59 #define IFAPI_SESSION1 0x02
60 #define IFAPI_SESSION2 0x04
61 #define IFAPI_SESSION_USE_SRK 0x08
63 #define IFAPI_POLICY_PATH "policy"
64 #define IFAPI_NV_PATH "nv"
65 #define IFAPI_EXT_PATH "ext"
66 #define IFAPI_FILE_DELIM "/"
67 #define IFAPI_LIST_DELIM ":"
68 #define IFAPI_FILE_DELIM_CHAR '/'
69 #define IFAPI_PUB_KEY_DIR "ext"
70 #define IFAPI_POLICY_DIR "policy"
71 #define IFAPI_PEM_PUBLIC_STRING "-----BEGIN PUBLIC KEY-----"
72 #define IFAPI_PEM_PRIVATE_KEY "-----BEGIN PRIVATE KEY-----"
73 #define IFAPI_PEM_RSA_PRIVATE_KEY "-----BEGIN RSA PRIVATE KEY-----"
74 #define IFAPI_PEM_ECC_PRIVATE_KEY "-----BEGIN EC PRIVATE KEY-----"
75 #define IFAPI_JSON_TAG_POLICY "policy"
76 #define IFAPI_JSON_TAG_OBJECT_TYPE "objectType"
77 #define IFAPI_JSON_TAG_DUPLICATE "public_parent"
79 #define FAPI_WRITE W_OK
80 #define FAPI_READ R_OK
82 #if TPM2_MAX_NV_BUFFER_SIZE > TPM2_MAX_DIGEST_BUFFER
83 #define IFAPI_MAX_BUFFER_SIZE TPM2_MAX_NV_BUFFER_SIZE
85 #define IFAPI_MAX_BUFFER_SIZE TPM2_MAX_DIGEST_BUFFER
88 #define IFAPI_FLUSH_PARENT true
89 #define IFAPI_NOT_FLUSH_PARENT false
94 BYTE buffer[IFAPI_MAX_BUFFER_SIZE];
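/* Release an OpenSSL object through its TYPE_free() routine and reset the
 * pointer variable S to NULL, so a repeated OSSL_FREE on the same variable is
 * a no-op (guards against double free / use-after-free of the stale value).
 * The (void*) cast matches the original: any pointer type can be passed.
 * Wrapped in do { ... } while (0) so the expansion is exactly one statement
 * and is safe as the unbraced body of an if/else at the call site. */
#define OSSL_FREE(S,TYPE) \
    do { \
        if ((S) != NULL) { \
            TYPE##_free((void*) (S)); \
            (S) = NULL; \
        } \
    } while (0)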
100 #define FAPI_COPY_DIGEST(dest_buffer, dest_size, src, src_size) \
101 if (src_size > sizeof(TPMU_HA)) { \
102 return_error(TSS2_FAPI_RC_BAD_VALUE, "Digest size too large."); \
104 memcpy(dest_buffer, (src), (src_size)); \
107 #define HASH_UPDATE(CONTEXT, TYPE, OBJECT, R, LABEL) \
109 uint8_t buffer[sizeof(TYPE)]; \
111 R = Tss2_MU_ ## TYPE ## _Marshal(OBJECT, \
112 &buffer[0], sizeof(TYPE), &offset); \
113 goto_if_error(R, "Marshal for hash update", LABEL); \
114 R = ifapi_crypto_hash_update(CONTEXT, \
115 (const uint8_t *) &buffer[0], \
117 goto_if_error(R, "crypto hash update", LABEL); }
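/* Feed SIZE bytes starting at BUFFER into the running hash CONTEXT.
 * R receives the return code of ifapi_crypto_hash_update(); when it is not
 * success, goto_if_error() transfers control to LABEL (the caller's cleanup
 * label). Wrapped in do { ... } while (0) so the two statements form a single
 * statement at the call site; every argument is parenthesized so an
 * expression argument (e.g. `len - off`) is not re-associated by the cast. */
#define HASH_UPDATE_BUFFER(CONTEXT, BUFFER, SIZE, R, LABEL) \
    do { \
        (R) = ifapi_crypto_hash_update((CONTEXT), \
                                       (const uint8_t *) (BUFFER), (SIZE)); \
        goto_if_error((R), "crypto hash update", LABEL); \
    } while (0)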
124 #define FAPI_SYNC(r,msg,label, ...) \
125 if (base_rc(r) == TSS2_BASE_RC_TRY_AGAIN) \
126 return TSS2_FAPI_RC_TRY_AGAIN; \
127 if (r != TSS2_RC_SUCCESS) { \
128 LOG_ERROR(TPM2_ERROR_FORMAT " " msg, TPM2_ERROR_TEXT(r), ## __VA_ARGS__); \
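/* Select the session to use for parameter encryption next to auth_session.
 * Yields ESYS_TR_NONE when auth_session is the password session, no session,
 * the encryption session itself, or when no encryption session is set;
 * otherwise context->session2. Relies on a variable named `context` being in
 * scope at the expansion site (it is not a macro parameter).
 * The whole expansion and the argument are parenthesized: without the outer
 * parentheses `ENC_SESSION_IF_POLICY(s) == x` would compare only the
 * `context->session2` arm against x, because `==` binds tighter than `?:`. */
#define ENC_SESSION_IF_POLICY(auth_session) \
    (((auth_session) == ESYS_TR_PASSWORD || (auth_session) == ESYS_TR_NONE || \
      (auth_session) == context->session2 || \
      !context->session2) ? ESYS_TR_NONE : context->session2)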
138 enum IFAPI_GET_CERT_STATE {
140 GET_CERT_WAIT_FOR_GET_CAP,
141 GET_CERT_GET_CERT_NV,
142 GET_CERT_GET_CERT_NV_FINISH,
143 GET_CERT_GET_CERT_READ_PUBLIC,
144 GET_CERT_GET_CERT_READ_HIERARCHY,
149 enum IFAPI_CLEANUP_STATE {
157 enum IFAPI_READ_NV_PUBLIC_STATE {
158 READ_NV_PUBLIC_INIT = 0,
159 READ_NV_PUBLIC_GET_ESYS_TR,
160 READ_NV_PUBLIC_GET_PUBLIC
163 #define IFAPI_MAX_CAP_INFO 17
167 TPMS_CAPABILITY_DATA *capability;
193 TPMS_NV_PUBLIC
public;
198 enum _FAPI_STATE_NV_READ {
203 NV_READ_CHECK_HANDLE,
204 NV_READ_GET_CAPABILITY,
205 NV_READ_GET_ESYS_HANDLE,
206 NV_READ_GET_NV_PUBLIC
210 enum _FAPI_STATE_NV_WRITE {
213 NV2_WRITE_WAIT_FOR_SESSSION,
214 NV2_WRITE_NULL_AUTH_SENT,
216 NV2_WRITE_WRITE_PREPARE,
227 TPM2B_NV_PUBLIC
public;
247 enum _FAPI_STATE_NV_READ nv_read_state;
248 enum _FAPI_STATE_NV_WRITE nv_write_state;
261 TPMS_CAPABILITY_DATA *capability;
280 TPML_DIGEST *pcrValues;
281 TPM2_HANDLE pcrIndex;
282 TPMI_ALG_HASH hashAlg;
286 TPMS_CAPABILITY_DATA *capabilityData;
290 uint8_t
const *eventData;
292 size_t eventDataSize;
293 uint32_t
const *hashAlgs;
296 char const *quoteInfo;
298 TPM2B_ATTEST *tpm_quoted;
299 TPMT_SIGNATURE *tpm_signature;
301 size_t signatureSize;
305 json_object *event_list;
309 char *event_log_file;
344 enum IFAPI_KEY_CREATE_STATE {
346 KEY_CREATE_WAIT_FOR_SESSION,
347 KEY_CREATE_WAIT_FOR_PARENT,
348 KEY_CREATE_AUTH_SENT,
349 KEY_CREATE_WAIT_FOR_LOAD_AUTHORIZATION,
350 KEY_CREATE_WAIT_FOR_KEY,
351 KEY_CREATE_WAIT_FOR_HIERARCHY,
352 KEY_CREATE_AUTHORIZE_HIERARCHY,
353 KEY_CREATE_WAIT_FOR_EVICT_CONTROL,
354 KEY_CREATE_WRITE_PREPARE,
358 KEY_CREATE_CALCULATE_POLICY,
359 KEY_CREATE_PRIMARY_CALCULATE_POLICY,
360 KEY_CREATE_WAIT_FOR_AUTHORIZATION,
362 KEY_CREATE_WAIT_FOR_RANDOM,
363 KEY_CREATE_PRIMARY_INIT,
364 KEY_CREATE_PRIMARY_WAIT_FOR_SESSION,
365 KEY_CREATE_PRIMARY_WAIT_FOR_HIERARCHY,
366 KEY_CREATE_PRIMARY_WAIT_FOR_AUTHORIZE1,
367 KEY_CREATE_PRIMARY_WAIT_FOR_AUTHORIZE2,
368 KEY_CREATE_PRIMARY_WAIT_FOR_PRIMARY,
369 KEY_CREATE_PRIMARY_WAIT_FOR_EVICT_CONTROL,
370 KEY_CREATE_PRIMARY_FLUSH,
371 KEY_CREATE_PRIMARY_WRITE_PREPARE,
372 KEY_CREATE_PRIMARY_WRITE,
373 KEY_CREATE_PRIMARY_CLEANUP
379 enum IFAPI_KEY_CREATE_STATE state;
387 TPM2B_SENSITIVE_CREATE inSensitive;
388 TPM2B_DATA outsideInfo;
389 TPML_PCR_SELECTION creationPCR;
391 const char *authValue;
392 const char *policyPath;
402 uint8_t
const *in_data;
409 TPMT_RSA_DECRYPT rsa_scheme;
415 size_t plainTextSize;
417 size_t cipherTextSize;
421 enum FAPI_SIGN_STATE {
423 SIGN_WAIT_FOR_SESSION,
432 enum FAPI_SIGN_STATE state;
444 size_t signatureSize;
453 TPM2B_SENSITIVE_DATA *unseal_data;
464 UINT32 property_count;
469 enum IFAPI_HIERACHY_AUTHORIZATION_STATE {
470 HIERARCHY_CHANGE_AUTH_INIT = 0,
471 HIERARCHY_CHANGE_AUTH_NULL_AUTH_SENT,
472 HIERARCHY_CHANGE_AUTH_AUTH_SENT
476 enum IFAPI_HIERACHY_POLICY_AUTHORIZATION_STATE {
477 HIERARCHY_CHANGE_POLICY_INIT = 0,
478 HIERARCHY_CHANGE_POLICY_NULL_AUTH_SENT,
479 HIERARCHY_CHANGE_POLICY_AUTHORIZE,
480 HIERARCHY_CHANGE_POLICY_AUTH_SENT
506 TPM2B_DIGEST policyRef;
536 TPM2B_SENSITIVE_CREATE inSensitive;
537 TPM2B_DATA outsideInfo;
538 TPML_PCR_SELECTION creationPCR;
540 const char *authValueLockout;
541 const char *authValueEh;
542 const char *policyPathEh;
543 const char *authValueSh;
544 const char *policyPathSh;
547 TPM2_HANDLE cert_nv_idx;
548 TPM2B_NV_PUBLIC *nvPublic;
551 TPM2_ALG_ID cert_key_type;
554 TPMS_CAPABILITY_DATA *capabilityData;
556 TPM2B_AUTH hierarchy_auth;
557 TPM2B_DIGEST policy_digest;
560 TPMA_PERMANENT auth_state;
566 TPM2_HANDLE template_nv_index;
567 TPM2_HANDLE nonce_nv_index;
576 TPM2B_SENSITIVE_CREATE inSensitive;
577 TPM2B_DATA outsideInfo;
578 TPML_PCR_SELECTION creationPCR;
580 TPMI_DH_PERSISTENT persistent_handle;
581 TPMS_CAPABILITY_DATA *capabilityData;
588 uint8_t
const *signature;
589 size_t signatureSize;
590 uint8_t
const *digest;
596 enum IFAPI_STATE_POLICY {
600 POLICY_INSTANTIATE_PREPARE,
602 POLICY_EXECUTE_PREPARE,
611 enum FAPI_CREATE_SESSION_STATE {
612 CREATE_SESSION_INIT = 0,
614 WAIT_FOR_CREATE_SESSION
620 enum IFAPI_STATE_POLICY state;
625 TPMI_ALG_HASH hash_alg;
636 enum FAPI_CREATE_SESSION_STATE create_session_state;
642 enum IFAPI_STATE_FILE_SEARCH {
651 enum IFAPI_STATE_FILE_SEARCH state;
659 enum _FAPI_STATE_PREPARE_LOAD_KEY {
660 PREPARE_LOAD_KEY_INIT = 0,
661 PREPARE_LOAD_KEY_WAIT_FOR_SESSION,
662 PREPARE_LOAD_KEY_INIT_KEY,
663 PREPARE_LOAD_KEY_WAIT_FOR_KEY
667 enum _FAPI_STATE_LOAD_KEY {
668 LOAD_KEY_GET_PATH = 0,
670 LOAD_KEY_WAIT_FOR_PRIMARY,
709 TPM2B_NAME parent_name;
714 TPM2B_PRIVATE *
private;
726 enum _FAPI_STATE_LOAD_KEY state;
727 enum _FAPI_STATE_PREPARE_LOAD_KEY prepare_state;
734 bool parent_handle_persistent;
807 enum _FAPI_STATE_PRIMARY {
810 PRIMARY_READ_HIERARCHY,
811 PRIMARY_READ_HIERARCHY_FINISH,
812 PRIMARY_AUTHORIZE_HIERARCHY,
813 PRIMARY_GET_AUTH_VALUE,
814 PRIMARY_WAIT_FOR_PRIMARY,
817 PRIMARY_VERIFY_PERSISTENT,
822 enum _FAPI_STATE_SESSION {
824 SESSION_WAIT_FOR_PRIMARY,
825 SESSION_CREATE_SESSION,
826 SESSION_WAIT_FOR_SESSION1,
827 SESSION_WAIT_FOR_SESSION2
831 enum _FAPI_STATE_GET_RANDOM {
837 enum _FAPI_FLUSH_STATE {
844 _FAPI_STATE_INIT = 0,
847 _FAPI_STATE_INTERNALERROR,
850 INITIALIZE_INIT_TCTI,
852 INITIALIZE_WAIT_FOR_CAP,
853 INITIALIZE_READ_PROFILE,
854 INITIALIZE_READ_PROFILE_INIT,
855 INITIALIZE_READ_TIME,
856 INITIALIZE_CHECK_NULL_PRIMARY,
857 INITIALIZE_READ_NULL_PRIMARY,
858 PROVISION_WAIT_FOR_GET_CAP_AUTH_STATE,
859 PROVISION_WAIT_FOR_GET_CAP0,
860 PROVISION_WAIT_FOR_GET_CAP1,
861 PROVISION_INIT_GET_CAP2,
862 PROVISION_WAIT_FOR_GET_CAP2,
863 PROVISION_GET_CERT_NV,
864 PROVISION_GET_CERT_NV_FINISH,
865 PROVISION_GET_CERT_READ_PUBLIC,
867 PROVISION_PREPARE_READ_ROOT_CERT,
868 PROVISION_READ_ROOT_CERT,
869 PROVISION_PREPARE_READ_INT_CERT,
870 PROVISION_READ_INT_CERT,
873 PROVISION_WAIT_FOR_EK_SESSION,
874 PROVISION_WAIT_FOR_SRK_SESSION,
875 PROVISION_AUTH_EK_NO_AUTH_SENT,
876 PROVISION_AUTH_EK_AUTH_SENT,
877 PROVISION_AUTH_SRK_NO_AUTH_SENT,
878 PROVISION_AUTH_SRK_AUTH_SENT,
879 PROVISION_CLEAN_EK_SESSION,
880 PROVISION_CLEAN_SRK_SESSION,
881 PROVISION_EK_WRITE_PREPARE,
883 PROVISION_EK_CHECK_CERT,
884 PROVISION_SRK_WRITE_PREPARE,
886 PROVISION_WAIT_FOR_EK_PERSISTENT,
887 PROVISION_WAIT_FOR_SRK_PERSISTENT,
888 PROVISION_CHANGE_LOCKOUT_AUTH,
889 PROVISION_CHANGE_EH_CHECK,
890 PROVISION_CHANGE_EH_AUTH,
891 PROVISION_CHANGE_SH_CHECK,
892 PROVISION_CHANGE_SH_AUTH,
893 PROVISION_EH_CHANGE_POLICY,
894 PROVISION_SH_CHANGE_POLICY,
895 PROVISION_LOCKOUT_CHANGE_POLICY,
899 PROVISION_PREPARE_NULL,
900 PROVISION_WRITE_NULL,
901 PROVISION_WRITE_LOCKOUT,
902 PROVISION_WRITE_LOCKOUT_PARAM,
903 PROVISION_PREPARE_LOCKOUT_PARAM,
904 PROVISION_AUTHORIZE_LOCKOUT,
907 PROVISION_CHECK_FOR_VENDOR_CERT,
908 PROVISION_GET_VENDOR,
909 PROVISION_GET_HIERARCHIES,
910 PROVISION_READ_HIERARCHIES,
911 PROVISION_READ_HIERARCHY,
912 PROVISION_WRITE_HIERARCHIES,
913 PROVISION_WRITE_HIERARCHY,
914 PROVISION_PREPARE_GET_CAP_AUTH_STATE,
915 PROVISION_SRK_GET_PERSISTENT_NAME,
916 PROVISION_CHECK_SRK_EVICT_CONTROL,
917 PROVISION_AUTHORIZE_HS_FOR_EK_EVICT,
918 PROVISION_PREPARE_EK_EVICT,
919 PROVISION_READ_EK_TEMPLATE,
920 PROVISION_READ_EK_NONCE,
927 KEY_SET_CERTIFICATE_READ,
928 KEY_SET_CERTIFICATE_WRITE,
930 KEY_GET_CERTIFICATE_READ,
932 GET_RANDOM_WAIT_FOR_SESSION,
933 GET_RANDOM_WAIT_FOR_RANDOM,
936 NV_CREATE_READ_PROFILE,
937 NV_CREATE_READ_HIERARCHY,
938 NV_CREATE_AUTHORIZE_HIERARCHY,
940 NV_CREATE_FIND_INDEX,
941 NV_CREATE_WAIT_FOR_SESSION,
945 NV_CREATE_CALCULATE_POLICY,
952 NV_EXTEND_WAIT_FOR_SESSION,
959 NV_INCREMENT_WAIT_FOR_SESSION,
960 NV_INCREMENT_AUTHORIZE,
961 NV_INCREMENT_AUTH_SENT,
963 NV_INCREMENT_CLEANUP,
966 NV_SET_BITS_WAIT_FOR_SESSION,
967 NV_SET_BITS_AUTHORIZE,
968 NV_SET_BITS_AUTH_SENT,
974 NV_READ_WAIT_FOR_SESSION,
977 ENTITY_DELETE_GET_FILE,
979 ENTITY_DELETE_WAIT_FOR_SESSION,
980 ENTITY_DELETE_NULL_AUTH_SENT_FOR_KEY,
981 ENTITY_DELETE_AUTH_SENT_FOR_KEY,
982 ENTITY_DELETE_NULL_AUTH_SENT_FOR_NV,
983 ENTITY_DELETE_AUTH_SENT_FOR_NV,
985 ENTITY_DELETE_KEY_WAIT_FOR_HIERARCHY,
986 ENTITY_DELETE_KEY_WAIT_FOR_AUTHORIZATION,
987 ENTITY_DELETE_AUTHORIZE_NV,
989 ENTITY_DELETE_POLICY,
990 ENTITY_DELETE_REMOVE_DIRS,
991 ENTITY_DELETE_CLEANUP,
992 ENTITY_DELETE_READ_HIERARCHY,
994 GET_ESYS_BLOB_GET_FILE,
996 GET_ESYS_BLOB_NULL_AUTH_SENT_FOR_KEY,
997 GET_ESYS_BLOB_AUTH_SENT_FOR_KEY,
998 GET_ESYS_BLOB_NULL_AUTH_SENT_FOR_NV,
999 GET_ESYS_BLOB_AUTH_SENT_FOR_NV,
1001 GET_ESYS_BLOB_WAIT_FOR_KEY,
1002 GET_ESYS_BLOB_WAIT_FOR_CONTEXT_SAVE,
1003 GET_ESYS_BLOB_SERIALIZE,
1005 GET_ESYS_BLOB_WAIT_FOR_FLUSH,
1006 GET_ESYS_BLOB_CLEANUP,
1008 ENTITY_GET_TPM_BLOBS_READ,
1010 KEY_SIGN_WAIT_FOR_KEY,
1011 KEY_SIGN_WAIT_FOR_SIGN,
1014 ENTITY_CHANGE_AUTH_WAIT_FOR_SESSION,
1015 ENTITY_CHANGE_AUTH_WAIT_FOR_KEY,
1016 ENTITY_CHANGE_AUTH_AUTH_SENT,
1017 ENTITY_CHANGE_AUTH_WAIT_FOR_FLUSH,
1018 ENTITY_CHANGE_AUTH_WRITE_PREPARE,
1019 ENTITY_CHANGE_AUTH_WRITE,
1020 ENTITY_CHANGE_AUTH_WAIT_FOR_KEY_AUTH,
1021 ENTITY_CHANGE_AUTH_WAIT_FOR_NV_READ,
1022 ENTITY_CHANGE_AUTH_WAIT_FOR_NV_AUTH,
1023 ENTITY_CHANGE_AUTH_WAIT_FOR_NV_CHANGE_AUTH,
1024 ENTITY_CHANGE_AUTH_HIERARCHY_CHANGE_AUTH,
1025 ENTITY_CHANGE_AUTH_HIERARCHY_READ,
1026 ENTITY_CHANGE_AUTH_HIERARCHY_AUTHORIZE,
1027 ENTITY_CHANGE_AUTH_SAVE_HIERARCHIES_PREPARE,
1028 ENTITY_CHANGE_AUTH_SAVE_HIERARCHIES_FINISH,
1029 ENTITY_CHANGE_AUTH_CLEANUP,
1031 DATA_ENCRYPT_WAIT_FOR_PROFILE,
1032 DATA_ENCRYPT_WAIT_FOR_SESSION,
1033 DATA_ENCRYPT_WAIT_FOR_KEY,
1034 DATA_ENCRYPT_WAIT_FOR_EXT_KEY,
1035 DATA_ENCRYPT_WAIT_FOR_FLUSH,
1036 DATA_ENCRYPT_WAIT_FOR_RSA_ENCRYPTION,
1039 DATA_DECRYPT_WAIT_FOR_PROFILE,
1040 DATA_DECRYPT_WAIT_FOR_SESSION,
1041 DATA_DECRYPT_WAIT_FOR_KEY,
1042 DATA_DECRYPT_WAIT_FOR_FLUSH,
1043 DATA_DECRYPT_WAIT_FOR_RSA_DECRYPTION,
1044 DATA_DECRYPT_AUTHORIZE_KEY,
1045 DATA_DECRYPT_CLEANUP,
1047 PCR_EXTEND_WAIT_FOR_SESSION,
1048 PCR_EXTEND_WAIT_FOR_GET_CAP,
1049 PCR_EXTEND_READ_EVENT_LOG,
1050 PCR_EXTEND_APPEND_EVENT_LOG,
1055 PCR_READ_READ_EVENT_LIST,
1057 PCR_QUOTE_WAIT_FOR_GET_CAP,
1058 PCR_QUOTE_WAIT_FOR_SESSION,
1059 PCR_QUOTE_WAIT_FOR_KEY,
1060 PCR_QUOTE_AUTH_SENT,
1061 PCR_QUOTE_AUTHORIZE,
1062 PCR_QUOTE_WAIT_FOR_FLUSH,
1063 PCR_QUOTE_READ_EVENT_LIST,
1066 PATH_SET_DESCRIPTION_READ,
1067 PATH_SET_DESCRIPTION_WRITE,
1069 PATH_GET_DESCRIPTION_READ,
1074 AUTHORIZE_NEW_CALCULATE_POLICY,
1075 AUTHORIZE_NEW_LOAD_KEY,
1076 AUTHORIZE_NEW_KEY_SIGN_POLICY,
1077 AUTHORIZE_NEW_WRITE_POLICY_PREPARE,
1078 AUTHORIZE_NEW_WRITE_POLICY,
1079 AUTHORIZE_NEW_CLEANUP,
1081 WRITE_AUTHORIZE_NV_READ_NV,
1082 WRITE_AUTHORIZE_NV_CALCULATE_POLICY,
1083 WRITE_AUTHORIZE_NV_WRITE_NV_RAM_PREPARE,
1084 WRITE_AUTHORIZE_NV_WRITE_NV_RAM,
1085 WRITE_AUTHORIZE_NV_WRITE_OBJCECT,
1086 WRITE_AUTHORIZE_NV_WRITE_POLICY_PREPARE,
1087 WRITE_AUTHORIZE_NV_WRITE_POLICY,
1088 WRITE_AUTHORIZE_NV_CLEANUP,
1090 EXPORT_KEY_READ_PUB_KEY,
1091 EXPORT_KEY_READ_PUB_KEY_PARENT,
1092 EXPORT_KEY_WAIT_FOR_KEY,
1093 EXPORT_KEY_WAIT_FOR_DUPLICATE,
1094 EXPORT_KEY_WAIT_FOR_EXT_KEY,
1095 EXPORT_KEY_WAIT_FOR_AUTHORIZATON,
1096 EXPORT_KEY_WAIT_FOR_FLUSH1,
1097 EXPORT_KEY_WAIT_FOR_FLUSH2,
1100 IMPORT_KEY_WRITE_POLICY,
1103 IMPORT_KEY_LOAD_PARENT,
1104 IMPORT_KEY_AUTHORIZE_PARENT,
1106 IMPORT_KEY_WAIT_FOR_FLUSH,
1107 IMPORT_KEY_WRITE_OBJECT_PREPARE,
1108 IMPORT_KEY_WRITE_OBJECT,
1110 IMPORT_WAIT_FOR_SESSION,
1111 IMPORT_WAIT_FOR_PARENT,
1112 IMPORT_WAIT_FOR_AUTHORIZATION,
1113 IMPORT_WAIT_FOR_KEY,
1115 IMPORT_FLUSH_PARENT,
1119 UNSEAL_WAIT_FOR_KEY,
1120 UNSEAL_AUTHORIZE_OBJECT,
1121 UNSEAL_WAIT_FOR_UNSEAL,
1122 UNSEAL_WAIT_FOR_FLUSH,
1125 GET_PLATFORM_CERTIFICATE,
1127 POLICY_EXPORT_READ_OBJECT,
1128 POLICY_EXPORT_READ_OBJECT_FINISH,
1129 POLICY_EXPORT_READ_POLICY,
1130 POLICY_EXPORT_READ_POLICY_FINISH,
1131 POLICY_EXPORT_CHECK_DIGEST,
1132 POLICY_EXPORT_COMPUTE_POLICY_DIGEST,
1137 GET_INFO_GET_CAP_MORE,
1138 GET_INFO_WAIT_FOR_CAP
1150 Fapi_CB_Branch branch;
1154 Fapi_CB_PolicyAction action;
1175 enum _FAPI_STATE
state;
1179 enum IFAPI_HIERACHY_AUTHORIZATION_STATE hierarchy_state;
1180 enum IFAPI_HIERACHY_POLICY_AUTHORIZATION_STATE hierarchy_policy_state;
1181 enum IFAPI_GET_CERT_STATE get_cert_state;
1184 enum IFAPI_READ_NV_PUBLIC_STATE read_nv_public_state;
1198 TPMI_DH_PERSISTENT ek_persistent;
1199 TPMI_DH_PERSISTENT srk_persistent;
1200 IFAPI_SESSION_TYPE session_flags;
1201 TPMA_SESSION session1_attribute_flags;
1202 TPMA_SESSION session2_attribute_flags;
1207 enum IFAPI_IO_STATE io_state;
1213 #define VENDOR_IFX 0x49465800
1214 #define VENDOR_INTC 0x494E5443
1215 #define VEDNOR_IBM 0x49424D20
1216 #define VENDOR_AMD 0x414D4400