tpm2-tss  master
TPM Software stack 2.0 TCG spec compliant implementation
ifapi_keystore.h
1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*******************************************************************************
3  * Copyright 2018-2019, Fraunhofer SIT sponsored by Infineon Technologies AG
4  * All rights reserved.
5  ******************************************************************************/
6 
7 #ifndef IFAPI_KEYSTORE_H
8 #define IFAPI_KEYSTORE_H
9 
10 #include <stdlib.h>
11 
12 #include "tss2_common.h"
13 #include "tss2_tpm2_types.h"
14 #include "fapi_types.h"
15 #include "ifapi_policy_types.h"
16 #include "tss2_esys.h"
17 #include "tss2_policy.h"
18 
19 typedef UINT32 IFAPI_OBJECT_TYPE_CONSTANT;
20 #define IFAPI_OBJ_NONE 0
21 #define IFAPI_KEY_OBJ 1
22 #define IFAPI_NV_OBJ 2
23 #define IFAPI_EXT_PUB_KEY_OBJ 3
24 #define IFAPI_HIERARCHY_OBJ 4
25 #define IFAPI_DUPLICATE_OBJ 5
29 typedef struct {
30  UINT32 persistent_handle;
31  TPM2B_PUBLIC public;
32  UINT8_ARY serialization;
33  UINT8_ARY private;
34  char *policyInstance;
35  TPM2B_DIGEST creationHash;
36  TPM2B_CREATION_DATA creationData;
37  TPMT_TK_CREATION creationTicket;
38  char *description;
39  UINT8_ARY appData;
40  char *certificate;
41  TPMT_SIG_SCHEME signing_scheme;
42  TPM2B_NAME name;
43  TPMI_YES_NO with_auth;
44  UINT32 reset_count;
45  TPMI_YES_NO delete_prohibited;
46  TPMI_YES_NO ek_profile;
48  TPM2B_DIGEST nonce;
49 } IFAPI_KEY;
50 
53 typedef struct {
54  char *pem_ext_public;
55  char *certificate;
56  TPM2B_PUBLIC public;
57 } IFAPI_EXT_PUB_KEY;
58 
61 typedef struct {
62  TPMI_YES_NO with_auth;
63  char *description;
64  TPM2B_DIGEST authPolicy;
65  ESYS_TR esysHandle;
66  bool authorized;
67  TPM2B_NAME name;
68 } IFAPI_HIERARCHY;
69 
72 typedef struct {
73  TPM2B_NV_PUBLIC public;
74  UINT8_ARY serialization;
75  UINT32 hierarchy;
76  char *policyInstance;
77  char *description;
78  UINT8_ARY appData;
79  TPMI_YES_NO with_auth;
80  char* event_log;
81 } IFAPI_NV;
82 
85 typedef struct {
86 
87  TPM2B_PRIVATE duplicate;
88  TPM2B_ENCRYPTED_SECRET encrypted_seed;
89  TPM2B_PUBLIC public;
90  TPM2B_PUBLIC public_parent;
91  char *certificate;
92  TPMS_POLICY *policy;
93 } IFAPI_DUPLICATE;
94 
97 typedef union {
98  IFAPI_EXT_PUB_KEY ext_pub_key;
99  IFAPI_KEY key;
100  IFAPI_NV nv;
101  IFAPI_DUPLICATE key_tree;
102  IFAPI_HIERARCHY hierarchy;
103 } IFAPI_OBJECT_UNION;
104 
106 enum FAPI_SEARCH_STATE {
107  KSEARCH_INIT = 0,
108  KSEARCH_SEARCH_OBJECT,
109  KSEARCH_READ
110 };
111 
114 typedef struct {
115  size_t path_idx;
116  size_t numPaths;
117  char **pathlist;
118  enum FAPI_SEARCH_STATE state;
119 } IFAPI_KEY_SEARCH;
120 
121 typedef struct IFAPI_KEYSTORE {
122  char *systemdir;
123  char *userdir;
124  char *defaultprofile;
125  IFAPI_KEY_SEARCH key_search;
126  const char* rel_path;
127 } IFAPI_KEYSTORE;
128 
129 
131 enum IFAPI_AUTHORIZATION_STATE {
132  AUTH_INIT = 0,
133  AUTH_CHECK_POLICY,
134  AUTH_CREATE_SESSION,
135  AUTH_EXEC_POLICY,
136  AUTH_FLUSH_OLD_POLICY,
137  AUTH_DONE
138 };
139 
141 enum IFAPI_IO_STATE {
142  IO_INIT = 0,
143  IO_ACTIVE,
144 };
145 
146 #define TSS2_OBJECT_TO_IFAPI_OBJECT(p) ((IFAPI_OBJECT *)p)
147 
150 typedef struct _IFAPI_OBJECT {
151  /* TSS2_OBJECT MUST GO FIRST. In C pointer of first element
152  * is equal to pointer of base type, use this to hide data by
153  * only passing pointer to public in callbacks, however, internal
154  * FAPI code can do a simple upcast it back to the original.
155  *
156  * **NOTE**: One could use offset of, and play the same trick
157  * the linux kernel linked list uses with container_of, but
158  * since offsetof isn't C99, we won't use it here.
159  */
160  TSS2_OBJECT public;
161  TPMS_POLICY *policy;
162  IFAPI_OBJECT_TYPE_CONSTANT objectType;
163  IFAPI_OBJECT_UNION misc;
164  TPMI_YES_NO system;
166  enum IFAPI_AUTHORIZATION_STATE authorization_state;
167  enum IFAPI_IO_STATE state;
168  const char *rel_path;
170 } IFAPI_OBJECT;
171 
172 TSS2_RC
173 ifapi_check_valid_path(const char *path);
174 
175 TSS2_RC
176 ifapi_keystore_initialize(
177  IFAPI_KEYSTORE *keystore,
178  const char *config_systemdir,
179  const char *config_userdir,
180  const char *config_defaultprofile);
181 
182 TSS2_RC
183 ifapi_keystore_load_async(
184  IFAPI_KEYSTORE *keystore,
185  IFAPI_IO *io,
186  const char *path);
187 
188 TSS2_RC
189 ifapi_keystore_load_finish(
190  IFAPI_KEYSTORE *keystore,
191  IFAPI_IO *io,
192  IFAPI_OBJECT *object);
193 
194 TSS2_RC
195 ifapi_keystore_object_does_not_exist(
196  IFAPI_KEYSTORE *keystore,
197  const char *path,
198  const IFAPI_OBJECT *object);
199 
200 TSS2_RC
201 ifapi_keystore_store_async(
202  IFAPI_KEYSTORE *keystore,
203  IFAPI_IO *io,
204  const char *path,
205  const IFAPI_OBJECT *object);
206 
207 TSS2_RC
208 ifapi_keystore_store_finish(
209  IFAPI_IO *io);
210 
211 TSS2_RC
212 ifapi_keystore_list_all(
213  IFAPI_KEYSTORE *keystore,
214  const char *searchpath,
215  char ***results,
216  size_t *numresults);
217 
218 TSS2_RC
219 ifapi_keystore_delete(
220  IFAPI_KEYSTORE *keystore,
221  char *path);
222 
223 TSS2_RC
224 ifapi_keystore_remove_directories(
225  IFAPI_KEYSTORE *keystore,
226  const char *dir_name);
227 
228 TSS2_RC
229 ifapi_keystore_search_obj(
230  IFAPI_KEYSTORE *keystore,
231  IFAPI_IO *io,
232  TPM2B_NAME *name,
233  char **found_path);
234 
235 TSS2_RC
236 ifapi_keystore_search_nv_obj(
237  IFAPI_KEYSTORE *keystore,
238  IFAPI_IO *io,
239  TPM2B_NV_PUBLIC *nv_public,
240  char **found_path);
241 
242 TSS2_RC
243 ifapi_keystore_check_overwrite(
244  IFAPI_KEYSTORE *keystore,
245  const char *path);
246 
247 TSS2_RC
248 ifapi_keystore_check_writeable(
249  IFAPI_KEYSTORE *keystore,
250  const char *path);
251 
252 TSS2_RC
253 ifapi_copy_ifapi_key(
254  IFAPI_KEY * dest,
255  const IFAPI_KEY * src);
256 
257 TSS2_RC
258 ifapi_copy_ifapi_hierarchy(
259  IFAPI_HIERARCHY * dest,
260  const IFAPI_HIERARCHY * src);
261 
262 TSS2_RC
263 ifapi_copy_ifapi_key_object(
264  IFAPI_OBJECT * dest,
265  const IFAPI_OBJECT * src);
266 
267 TSS2_RC
268 ifapi_copy_ifapi_hierarchy_object(
269  IFAPI_OBJECT * dest,
270  const IFAPI_OBJECT * src);
271 
272 
273 void ifapi_cleanup_ifapi_key(
274  IFAPI_KEY * key);
275 
276 void ifapi_cleanup_ifapi_ext_pub_key(
277  IFAPI_EXT_PUB_KEY * key);
278 
279 void ifapi_cleanup_ifapi_hierarchy(
280  IFAPI_HIERARCHY * hierarchy);
281 
282 void ifapi_cleanup_ifapi_nv(
283  IFAPI_NV * nv);
284 
285 void ifapi_cleanup_ifapi_duplicate(
286  IFAPI_DUPLICATE * duplicate);
287 
288 void ifapi_cleanup_ifapi_key_search(
289  IFAPI_KEY_SEARCH * key_search);
290 
291 void ifapi_cleanup_ifapi_keystore(
292  IFAPI_KEYSTORE * keystore);
293 
294 void
295 ifapi_cleanup_ifapi_object(
296  IFAPI_OBJECT *object);
297 
298 TSS2_RC
299 ifapi_check_provisioned(
300  IFAPI_KEYSTORE *keystore,
301  const char *rel_path,
302  bool *ok);
303 
304 #endif /* IFAPI_KEYSTORE_H */
ESYS_TR
uint32_t ESYS_TR
Definition: tss2_esys.h:16
ifapi_copy_ifapi_key_object
TSS2_RC ifapi_copy_ifapi_key_object(IFAPI_OBJECT *dest, const IFAPI_OBJECT *src)
Definition: ifapi_keystore.c:1638
ifapi_keystore_object_does_not_exist
TSS2_RC ifapi_keystore_object_does_not_exist(IFAPI_KEYSTORE *keystore, const char *path, const IFAPI_OBJECT *object)
Definition: ifapi_keystore.c:753
ifapi_keystore_search_obj
TSS2_RC ifapi_keystore_search_obj(IFAPI_KEYSTORE *keystore, IFAPI_IO *io, TPM2B_NAME *name, char **found_path)
Definition: ifapi_keystore.c:1244
ifapi_copy_ifapi_hierarchy_object
TSS2_RC ifapi_copy_ifapi_hierarchy_object(IFAPI_OBJECT *dest, const IFAPI_OBJECT *src)
Definition: ifapi_keystore.c:1686
ifapi_copy_ifapi_key
TSS2_RC ifapi_copy_ifapi_key(IFAPI_KEY *dest, const IFAPI_KEY *src)
Definition: ifapi_keystore.c:1455
ifapi_copy_ifapi_hierarchy
TSS2_RC ifapi_copy_ifapi_hierarchy(IFAPI_HIERARCHY *dest, const IFAPI_HIERARCHY *src)
Definition: ifapi_keystore.c:1511
ifapi_keystore_load_async
TSS2_RC ifapi_keystore_load_async(IFAPI_KEYSTORE *keystore, IFAPI_IO *io, const char *path)
Definition: ifapi_keystore.c:564
ifapi_keystore_delete
TSS2_RC ifapi_keystore_delete(IFAPI_KEYSTORE *keystore, char *path)
Definition: ifapi_keystore.c:959
ifapi_keystore_remove_directories
TSS2_RC ifapi_keystore_remove_directories(IFAPI_KEYSTORE *keystore, const char *dir_name)
Definition: ifapi_keystore.c:1042
ifapi_keystore_search_nv_obj
TSS2_RC ifapi_keystore_search_nv_obj(IFAPI_KEYSTORE *keystore, IFAPI_IO *io, TPM2B_NV_PUBLIC *nv_public, char **found_path)
Definition: ifapi_keystore.c:1282
ifapi_keystore_list_all
TSS2_RC ifapi_keystore_list_all(IFAPI_KEYSTORE *keystore, const char *searchpath, char ***results, size_t *numresults)
Definition: ifapi_keystore.c:920
ifapi_keystore_initialize
TSS2_RC ifapi_keystore_initialize(IFAPI_KEYSTORE *keystore, const char *config_systemdir, const char *config_userdir, const char *config_defaultprofile)
Definition: ifapi_keystore.c:423
ifapi_cleanup_ifapi_hierarchy
void ifapi_cleanup_ifapi_hierarchy(IFAPI_HIERARCHY *hierarchy)
Definition: ifapi_keystore.c:1573
ifapi_cleanup_ifapi_ext_pub_key
void ifapi_cleanup_ifapi_ext_pub_key(IFAPI_EXT_PUB_KEY *key)
Definition: ifapi_keystore.c:1559
ifapi_cleanup_ifapi_object
void ifapi_cleanup_ifapi_object(IFAPI_OBJECT *object)
Definition: ifapi_keystore.c:1726
ifapi_cleanup_ifapi_keystore
void ifapi_cleanup_ifapi_keystore(IFAPI_KEYSTORE *keystore)
Definition: ifapi_keystore.c:1616
ifapi_keystore_store_async
TSS2_RC ifapi_keystore_store_async(IFAPI_KEYSTORE *keystore, IFAPI_IO *io, const char *path, const IFAPI_OBJECT *object)
Definition: ifapi_keystore.c:674
ifapi_cleanup_ifapi_duplicate
void ifapi_cleanup_ifapi_duplicate(IFAPI_DUPLICATE *duplicate)
Definition: ifapi_keystore.c:1603
ifapi_cleanup_ifapi_key
void ifapi_cleanup_ifapi_key(IFAPI_KEY *key)
Definition: ifapi_keystore.c:1541
ifapi_cleanup_ifapi_nv
void ifapi_cleanup_ifapi_nv(IFAPI_NV *nv)
Definition: ifapi_keystore.c:1586
_IFAPI_OBJECT
Definition: ifapi_keystore.h:150
_IFAPI_OBJECT::system
TPMI_YES_NO system
Definition: ifapi_keystore.h:164
_IFAPI_OBJECT::authorization_state
enum IFAPI_AUTHORIZATION_STATE authorization_state
Definition: ifapi_keystore.h:166
_IFAPI_OBJECT::rel_path
const char * rel_path
Definition: ifapi_keystore.h:168
_IFAPI_OBJECT::misc
IFAPI_OBJECT_UNION misc
Definition: ifapi_keystore.h:163
_IFAPI_OBJECT::objectType
IFAPI_OBJECT_TYPE_CONSTANT objectType
Definition: ifapi_keystore.h:162
IFAPI_DUPLICATE
Definition: ifapi_keystore.h:85
IFAPI_DUPLICATE::duplicate
TPM2B_PRIVATE duplicate
Definition: ifapi_keystore.h:87
IFAPI_DUPLICATE::policy
TPMS_POLICY * policy
Definition: ifapi_keystore.h:92
IFAPI_DUPLICATE::encrypted_seed
TPM2B_ENCRYPTED_SECRET encrypted_seed
Definition: ifapi_keystore.h:88
IFAPI_DUPLICATE::public_parent
TPM2B_PUBLIC public_parent
Definition: ifapi_keystore.h:90
IFAPI_DUPLICATE::certificate
char * certificate
Definition: ifapi_keystore.h:91
IFAPI_EXT_PUB_KEY
Definition: ifapi_keystore.h:53
IFAPI_EXT_PUB_KEY::pem_ext_public
char * pem_ext_public
Definition: ifapi_keystore.h:54
IFAPI_EXT_PUB_KEY::certificate
char * certificate
Definition: ifapi_keystore.h:55
IFAPI_HIERARCHY
Definition: ifapi_keystore.h:61
IFAPI_HIERARCHY::authorized
bool authorized
Definition: ifapi_keystore.h:66
IFAPI_HIERARCHY::with_auth
TPMI_YES_NO with_auth
Definition: ifapi_keystore.h:62
IFAPI_HIERARCHY::description
char * description
Definition: ifapi_keystore.h:63
IFAPI_HIERARCHY::name
TPM2B_NAME name
Definition: ifapi_keystore.h:67
IFAPI_IO
Definition: ifapi_io.h:15
IFAPI_KEY_SEARCH
Definition: ifapi_keystore.h:114
IFAPI_KEY_SEARCH::pathlist
char ** pathlist
Definition: ifapi_keystore.h:117
IFAPI_KEY_SEARCH::numPaths
size_t numPaths
Definition: ifapi_keystore.h:116
IFAPI_KEY_SEARCH::path_idx
size_t path_idx
Definition: ifapi_keystore.h:115
IFAPI_KEY
Definition: ifapi_keystore.h:29
IFAPI_KEY::policyInstance
char * policyInstance
Definition: ifapi_keystore.h:34
IFAPI_KEY::serialization
UINT8_ARY serialization
Definition: ifapi_keystore.h:32
IFAPI_KEY::ek_profile
TPMI_YES_NO ek_profile
Definition: ifapi_keystore.h:46
IFAPI_KEY::persistent_handle
UINT32 persistent_handle
Definition: ifapi_keystore.h:30
IFAPI_KEY::creationData
TPM2B_CREATION_DATA creationData
Definition: ifapi_keystore.h:36
IFAPI_KEY::delete_prohibited
TPMI_YES_NO delete_prohibited
Definition: ifapi_keystore.h:45
IFAPI_KEY::with_auth
TPMI_YES_NO with_auth
Definition: ifapi_keystore.h:43
IFAPI_KEY::nonce
TPM2B_DIGEST nonce
Definition: ifapi_keystore.h:48
IFAPI_KEY::creationHash
TPM2B_DIGEST creationHash
Definition: ifapi_keystore.h:35
IFAPI_KEY::description
char * description
Definition: ifapi_keystore.h:38
IFAPI_KEY::reset_count
UINT32 reset_count
Definition: ifapi_keystore.h:44
IFAPI_KEY::name
TPM2B_NAME name
Definition: ifapi_keystore.h:42
IFAPI_KEY::appData
UINT8_ARY appData
Definition: ifapi_keystore.h:39
IFAPI_KEY::certificate
char * certificate
Definition: ifapi_keystore.h:40
IFAPI_KEY::creationTicket
TPMT_TK_CREATION creationTicket
Definition: ifapi_keystore.h:37
IFAPI_KEY::signing_scheme
TPMT_SIG_SCHEME signing_scheme
Definition: ifapi_keystore.h:41
IFAPI_KEYSTORE
Definition: ifapi_keystore.h:121
IFAPI_NV
Definition: ifapi_keystore.h:72
IFAPI_NV::policyInstance
char * policyInstance
Definition: ifapi_keystore.h:76
IFAPI_NV::serialization
UINT8_ARY serialization
Definition: ifapi_keystore.h:74
IFAPI_NV::with_auth
TPMI_YES_NO with_auth
Definition: ifapi_keystore.h:79
IFAPI_NV::hierarchy
UINT32 hierarchy
Definition: ifapi_keystore.h:75
IFAPI_NV::description
char * description
Definition: ifapi_keystore.h:77
IFAPI_NV::appData
UINT8_ARY appData
Definition: ifapi_keystore.h:78
IFAPI_NV::event_log
char * event_log
Definition: ifapi_keystore.h:80
TPMS_POLICY
Definition: ifapi_policy_types.h:275
UINT8_ARY
Definition: fapi_types.h:15
IFAPI_OBJECT_UNION
Definition: ifapi_keystore.h:97
IFAPI_OBJECT_UNION::hierarchy
IFAPI_HIERARCHY hierarchy
Definition: ifapi_keystore.h:102
IFAPI_OBJECT_UNION::key
IFAPI_KEY key
Definition: ifapi_keystore.h:99
IFAPI_OBJECT_UNION::ext_pub_key
IFAPI_EXT_PUB_KEY ext_pub_key
Definition: ifapi_keystore.h:98
IFAPI_OBJECT_UNION::key_tree
IFAPI_DUPLICATE key_tree
Definition: ifapi_keystore.h:101
IFAPI_OBJECT_UNION::nv
IFAPI_NV nv
Definition: ifapi_keystore.h:100