Key store module

Functions
void	ifapi_cleanup_ifapi_duplicate (IFAPI_DUPLICATE *duplicate)
void	ifapi_cleanup_ifapi_ext_pub_key (IFAPI_EXT_PUB_KEY *key)
void	ifapi_cleanup_ifapi_hierarchy (IFAPI_HIERARCHY *hierarchy)
void	ifapi_cleanup_ifapi_key (IFAPI_KEY *key)
void	ifapi_cleanup_ifapi_keystore (IFAPI_KEYSTORE *keystore)
void	ifapi_cleanup_ifapi_nv (IFAPI_NV *nv)
void	ifapi_cleanup_ifapi_object (IFAPI_OBJECT *object)
TSS2_RC	ifapi_copy_ifapi_key (IFAPI_KEY *dest, const IFAPI_KEY *src)
TSS2_RC	ifapi_copy_ifapi_key_object (IFAPI_OBJECT *dest, const IFAPI_OBJECT *src)
TSS2_RC	ifapi_keystore_delete (IFAPI_KEYSTORE *keystore, char *path)
TSS2_RC	ifapi_keystore_initialize (IFAPI_KEYSTORE *keystore, const char *config_systemdir, const char *config_userdir, const char *config_defaultprofile)
TSS2_RC	ifapi_keystore_list_all (IFAPI_KEYSTORE *keystore, const char *searchpath, char ***results, size_t *numresults)
TSS2_RC	ifapi_keystore_load_async (IFAPI_KEYSTORE *keystore, IFAPI_IO *io, const char *path)
TSS2_RC	ifapi_keystore_load_finish (IFAPI_KEYSTORE *keystore, IFAPI_IO *io, IFAPI_OBJECT *object)
TSS2_RC	ifapi_keystore_remove_directories (IFAPI_KEYSTORE *keystore, const char *dir_name)
TSS2_RC	ifapi_keystore_search_nv_obj (IFAPI_KEYSTORE *keystore, IFAPI_IO *io, TPM2B_NV_PUBLIC *nv_public, char **found_path)
TSS2_RC	ifapi_keystore_search_obj (IFAPI_KEYSTORE *keystore, IFAPI_IO *io, TPM2B_NAME *name, char **found_path)
TSS2_RC	ifapi_keystore_store_async (IFAPI_KEYSTORE *keystore, IFAPI_IO *io, const char *path, const IFAPI_OBJECT *object)
TSS2_RC	ifapi_copy_ifapi_hierarchy (IFAPI_HIERARCHY *dest, const IFAPI_HIERARCHY *src)
TSS2_RC	ifapi_copy_ifapi_hierarchy_object (IFAPI_OBJECT *dest, const IFAPI_OBJECT *src)
TSS2_RC	ifapi_keystore_object_does_not_exist (IFAPI_KEYSTORE *keystore, const char *path, const IFAPI_OBJECT *object)

Detailed Description

Provides internal fapi functions for reading and writing to the key store.

Function Documentation

ifapi_cleanup_ifapi_duplicate()

void ifapi_cleanup_ifapi_duplicate

(

IFAPI_DUPLICATE *

duplicate

)

Free memory allocated during deserialization of a duplicate object.

The duplicate object will not be freed (might be declared on the stack).

Parameters

[in]

duplicate

The duplicate object to be cleaned up.

ifapi_cleanup_ifapi_ext_pub_key()

void ifapi_cleanup_ifapi_ext_pub_key

(

IFAPI_EXT_PUB_KEY *

key

)

Free memory allocated during deserialization of a pubkey object.

The pubkey will not be freed (might be declared on the stack).

Parameters

[in]

key

The pubkey object to be cleaned up.

ifapi_cleanup_ifapi_hierarchy()

void ifapi_cleanup_ifapi_hierarchy

(

IFAPI_HIERARCHY *

hierarchy

)

Free memory allocated during deserialization of a hierarchy object.

The hierarchy object will not be freed (might be declared on the stack).

Parameters

[in]

hierarchy

The hierarchy object to be cleaned up.

ifapi_cleanup_ifapi_key()

void ifapi_cleanup_ifapi_key

(

IFAPI_KEY *

key

)

Free memory allocated during deserialization of a key object.

The key will not be freed (might be declared on the stack).

Parameters

[in]

key

The key object to be cleaned up.

ifapi_cleanup_ifapi_keystore()

void ifapi_cleanup_ifapi_keystore

(

IFAPI_KEYSTORE *

keystore

)

Free keystore related memory allocated during FAPI initialization.

The keystore object will not be freed (might be declared on the stack).

Parameters

[in]

keystore

The kystore object to be cleaned up.

ifapi_cleanup_ifapi_nv()

void ifapi_cleanup_ifapi_nv

(

IFAPI_NV *

nv

)

Free memory allocated during deserialization of a nv object.

The nv object will not be freed (might be declared on the stack).

Parameters

[in]

nv

The nv object to be cleaned up.

ifapi_cleanup_ifapi_object()

void ifapi_cleanup_ifapi_object

(

IFAPI_OBJECT *

object

)

Free memory allocated during deserialization of object.

The object will not be freed (might be declared on the stack).

Parameters

[in]

object

The object to be cleaned up.

ifapi_copy_ifapi_hierarchy()

ifapi_copy_ifapi_hierarchy	(	IFAPI_HIERARCHY *	dest,
		const IFAPI_HIERARCHY *	src
	)

Create a copy of a an ifapi hierarchy.

Parameters

[out]	dest	The caller allocated hierarchy object which will be the destination of the copy operation.
[in]	src	The source hierarchy.

Return values

TSS2_RC_SUCCESS	if the function call was a success.
TSS2_FAPI_RC_BAD_REFERENCE	a invalid null pointer is passed.
TSS2_FAPI_RC_MEMORY	if not enough memory can be allocated.

ifapi_copy_ifapi_hierarchy_object()

ifapi_copy_ifapi_hierarchy_object	(	IFAPI_OBJECT *	dest,
		const IFAPI_OBJECT *	src
	)

Create a copy of a an ifapi object storing a hierarchy.

The hierarchy together with the policy of the hierarchy will be copied.

Parameters

[out]	dest	The caller allocated hierarchy object which will be the destination of the copy operation.
[in]	src	The source hieararchy.

Return values

TSS2_RC_SUCCESS	if the function call was a success.
TSS2_FAPI_RC_GENERAL_FAILURE	if the source is not of type key.
TSS2_FAPI_RC_BAD_REFERENCE	a invalid null pointer is passed.
TSS2_FAPI_RC_MEMORY	if not enough memory can be allocated.

ifapi_copy_ifapi_key()

TSS2_RC ifapi_copy_ifapi_key	(	IFAPI_KEY *	dest,
		const IFAPI_KEY *	src
	)

Create a copy of a an ifapi key.

Parameters

[out]	dest	The caller allocated key object which will be the destination of the copy operation.
[in]	src	The source key.

Return values

TSS2_RC_SUCCESS	if the function call was a success.
TSS2_FAPI_RC_BAD_REFERENCE	a invalid null pointer is passed.
TSS2_FAPI_RC_MEMORY	if not enough memory can be allocated.

ifapi_copy_ifapi_key_object()

TSS2_RC ifapi_copy_ifapi_key_object	(	IFAPI_OBJECT *	dest,
		const IFAPI_OBJECT *	src
	)

Create a copy of a an ifapi object storing a key.

The key together with the policy of the key will be copied.

Parameters

[out]	dest	The caller allocated key object which will be the destination of the copy operation.
[in]	src	The source key.

Return values

TSS2_RC_SUCCESS	if the function call was a success.
TSS2_FAPI_RC_GENERAL_FAILURE	if the source is not of type key.
TSS2_FAPI_RC_BAD_REFERENCE	a invalid null pointer is passed.
TSS2_FAPI_RC_MEMORY	if not enough memory can be allocated.

ifapi_keystore_delete()

TSS2_RC ifapi_keystore_delete	(	IFAPI_KEYSTORE *	keystore,
		char *	path
	)

Remove file storing a keystore object.

Parameters

[in]	keystore	The key directories, the default profile.
[in]	path	The relative name of the object be removed.

Return values

TSS2_RC_SUCCESS	On success.
TSS2_FAPI_RC_MEMORY	If memory could not be allocated.
TSS2_FAPI_RC_IO_ERROR	If the file can't be removed.
TSS2_FAPI_RC_PATH_NOT_FOUND	if a FAPI object path was not found during authorization.
TSS2_FAPI_RC_KEY_NOT_FOUND	if a key was not found.
TSS2_FAPI_RC_BAD_VALUE	if an invalid value was passed into the function.
TSS2_FAPI_RC_NOT_PROVISIONED	FAPI was not provisioned.
TSS2_FAPI_RC_BAD_REFERENCE	a invalid null pointer is passed.
TSS2_FAPI_RC_BAD_PATH	if the path is used in inappropriate context or contains illegal characters.

ifapi_keystore_initialize()

TSS2_RC ifapi_keystore_initialize	(	IFAPI_KEYSTORE *	keystore,
		const char *	config_systemdir,
		const char *	config_userdir,
		const char *	config_defaultprofile
	)

Store keystore parameters in the keystore context.

Also the user directory will be created if it does not exist.

Parameters

[out]	keystore	The keystore to be initialized.
[in]	config_systemdir	The configured system directory.
[in]	config_userdir	The configured user directory.
[in]	config_defaultprofile	The configured profile.

Return values

TSS2_RC_SUCCESS	If the keystore can be initialized.
TSS2_FAPI_RC_IO_ERROR	If the user part of the keystore can't be initialized.
TSS2_FAPI_RC_MEMORY	if memory could not be allocated.
TSS2_FAPI_RC_BAD_PATH	if the home directory of the user cannot be determined.
TSS2_FAPI_RC_BAD_VALUE	if an invalid value was passed into the function.

ifapi_keystore_list_all()

TSS2_RC ifapi_keystore_list_all	(	IFAPI_KEYSTORE *	keystore,
		const char *	searchpath,
		char ***	results,
		size_t *	numresults
	)

Create a list of of objects in a certain search path.

A vector of relative paths will be computed.

Parameters

[in]	keystore	The key directories, the default profile.
[in]	searchpath	The relative search path in key store.
[out]	results	The array with pointers to the relative object paths.
[out]	numresults	The number of found objects.

Return values

TSS2_RC_SUCCESS	on success.
TSS2_FAPI_RC_MEMORY	if memory could not be allocated.
TSS2_FAPI_RC_BAD_REFERENCE	a invalid null pointer is passed.
TSS2_FAPI_RC_BAD_PATH	if the path is used in inappropriate context or contains illegal characters.
TSS2_FAPI_RC_BAD_VALUE	if an invalid value was passed into the function.
TSS2_FAPI_RC_PATH_NOT_FOUND	if a FAPI object path was not found during authorization.

ifapi_keystore_load_async()

TSS2_RC ifapi_keystore_load_async	(	IFAPI_KEYSTORE *	keystore,
		IFAPI_IO *	io,
		const char *	path
	)

Start loading FAPI object from key store.

Keys objects, NV objects, and hierarchies can be loaded.

Parameters

[in]	keystore	The key directories and default profile.
[in]	io	The input/output context being used for file I/O.
[in]	path	The relative path of the object. For keys the path will expanded if possible.

Return values

TSS2_RC_SUCCESS	If the object can be read.
TSS2_FAPI_RC_IO_ERROR	if an I/O error was encountered.
TSS2_FAPI_RC_PATH_NOT_FOUND	if the file does not exist.
TSS2_FAPI_RC_MEMORY	if memory could not be allocated to hold the read data.
TSS2_FAPI_RC_KEY_NOT_FOUND	if a key was not found.
TSS2_FAPI_RC_BAD_VALUE	if an invalid value was passed into the function.
TSS2_FAPI_RC_NOT_PROVISIONED	FAPI was not provisioned.
TSS2_FAPI_RC_BAD_REFERENCE	a invalid null pointer is passed.
TSS2_FAPI_RC_BAD_PATH	if the path is used in inappropriate context or contains illegal characters.

ifapi_keystore_object_does_not_exist()

ifapi_keystore_object_does_not_exist	(	IFAPI_KEYSTORE *	keystore,
		const char *	path,
		const IFAPI_OBJECT *	object
	)

Check whether the key path for a new object does not exist in key store.

To prevent overwriting of objects the functions returns an error if the object is already stored in key store. The FAPI path will be expanded to absolute path appropriate for the object to be checked.

Parameters

[in]	keystore	The key directories and default profile.
[in]	path	The relative path of the object. For keys the path will expanded if possible.
[in]	object	The object to be checked.

Return values

TSS2_RC_SUCCESS	if the object does not exist and a new object can be written.
TSS2_FAPI_RC_PATH_ALREADY_EXISTS	if the object exists in key store.
TSS2_FAPI_RC_MEMORY	if memory could not be allocated to hold the output data.
TSS2_FAPI_RC_BAD_VALUE	if an invalid value was passed into the function.
TSS2_FAPI_RC_BAD_REFERENCE	a invalid null pointer is passed.
TSS2_FAPI_RC_BAD_PATH	if the path is used in inappropriate context or contains illegal characters.
TSS2_FAPI_RC_PATH_NOT_FOUND	if a FAPI object path was not found during authorization.

ifapi_keystore_remove_directories()

TSS2_RC ifapi_keystore_remove_directories	(	IFAPI_KEYSTORE *	keystore,
		const char *	dir_name
	)

Remove directories in keystore.

If the expanded directory exists in userdir and systemdir both will be deleted.

Parameters

[in]	keystore	The key directories, the default profile.
[in]	dir_name	The relative name of the directory to be removed.

Return values

TSS2_RC_SUCCESS	on success.
TSS2_FAPI_RC_MEMORY	If memory could not be allocated.
TSS2_FAPI_RC_IO_ERROR	If directory can't be deleted.
TSS2_FAPI_RC_BAD_VALUE	if an invalid value was passed into the function.
TSS2_FAPI_RC_BAD_REFERENCE	a invalid null pointer is passed.
TSS2_FAPI_RC_BAD_PATH	if the path is used in inappropriate context or contains illegal characters.
TSS2_FAPI_RC_PATH_NOT_FOUND	if a FAPI object path was not found during authorization.

ifapi_keystore_search_nv_obj()

TSS2_RC ifapi_keystore_search_nv_obj	(	IFAPI_KEYSTORE *	keystore,
		IFAPI_IO *	io,
		TPM2B_NV_PUBLIC *	nv_public,
		char **	found_path
	)

Search nv object with a certain nv_index (from nv_public) in keystore.

Parameters

[in,out]	keystore	The key directories, the default profile, and the state information for the asynchronous search.
[in]	io	The input/output context being used for file I/O.
[in]	nv_public	The public data of the searched nv object.
[out]	found_path	The relative path of the found key.

Return values

TSS2_RC_SUCCESS	on success.
TSS2_FAPI_RC_MEMORY	if memory could not be allocated.
TSS2_FAPI_RC_KEY_NOT_FOUND	If the key was not found in keystore.
TSS2_FAPI_RC_BAD_VALUE	if an invalid value was passed into the function.
TSS2_FAPI_RC_PATH_NOT_FOUND	if a FAPI object path was not found during authorization.
TSS2_FAPI_RC_TRY_AGAIN	if an I/O operation is not finished yet and this function needs to be called again.
TSS2_FAPI_RC_BAD_SEQUENCE	if the context has an asynchronous operation already pending.
TSS2_FAPI_RC_IO_ERROR	if an error occurred while accessing the object store.
TSS2_FAPI_RC_GENERAL_FAILURE	if an internal error occurred.
TSS2_FAPI_RC_BAD_REFERENCE	a invalid null pointer is passed.
TSS2_FAPI_RC_PATH_ALREADY_EXISTS	if the object already exists in object store.
TSS2_FAPI_RC_BAD_PATH	if the path is used in inappropriate context or contains illegal characters.
TSS2_FAPI_RC_NOT_PROVISIONED	FAPI was not provisioned.

ifapi_keystore_search_obj()

TSS2_RC ifapi_keystore_search_obj	(	IFAPI_KEYSTORE *	keystore,
		IFAPI_IO *	io,
		TPM2B_NAME *	name,
		char **	found_path
	)

Search object with a certain name in keystore.

Parameters

[in,out]	keystore	The key directories, the default profile, and the state information for the asynchronous search.
[in]	io	The input/output context being used for file I/O.
[in]	name	The name of the searched object.
[out]	found_path	The relative path of the found key.

Return values

TSS2_RC_SUCCESS	on success.
TSS2_FAPI_RC_MEMORY	if memory could not be allocated.
TSS2_FAPI_RC_KEY_NOT_FOUND	If the key was not found in keystore.
TSS2_FAPI_RC_PATH_NOT_FOUND	if a FAPI object path was not found during authorization.
TSS2_FAPI_RC_TRY_AGAIN	if an I/O operation is not finished yet and this function needs to be called again.
TSS2_FAPI_RC_BAD_SEQUENCE	if the context has an asynchronous operation already pending.
TSS2_FAPI_RC_BAD_VALUE	if an invalid value was passed into the function.
TSS2_FAPI_RC_IO_ERROR	if an error occurred while accessing the object store.
TSS2_FAPI_RC_GENERAL_FAILURE	if an internal error occurred.
TSS2_FAPI_RC_BAD_REFERENCE	a invalid null pointer is passed.
TSS2_FAPI_RC_BAD_PATH	if the path is used in inappropriate context or contains illegal characters.
TSS2_FAPI_RC_NOT_PROVISIONED	FAPI was not provisioned.

ifapi_keystore_store_async()

TSS2_RC ifapi_keystore_store_async	(	IFAPI_KEYSTORE *	keystore,
		IFAPI_IO *	io,
		const char *	path,
		const IFAPI_OBJECT *	object
	)

Start writing FAPI object to the key store.

Keys objects, NV objects, and hierarchies can be written.

Parameters

[in]	keystore	The key directories and default profile.
[in]	io	The input/output context being used for file I/O.
[in]	path	The relative path of the object. For keys the path will expanded if possible.
[in]	object	The object to be written to the keystore.

Return values

TSS2_RC_SUCCESS	if the object is written successfully.
TSS2_FAPI_RC_IO_ERROR	if an I/O error was encountered;
TSS2_FAPI_RC_MEMORY	if memory could not be allocated to hold the output data.
TSS2_FAPI_RC_BAD_VALUE	if an invalid value was passed into the function.
TSS2_FAPI_RC_GENERAL_FAILURE	if an internal error occurred.
TSS2_FAPI_RC_BAD_REFERENCE	a invalid null pointer is passed.
TSS2_FAPI_RC_BAD_PATH	if the path is used in inappropriate context or contains illegal characters.
TSS2_FAPI_RC_PATH_NOT_FOUND	if a FAPI object path was not found during authorization.