tpm2-tss  3.2.2.1
TPM Software stack 2.0 TCG spec compliant implementation
ifapi_keystore.h
1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*******************************************************************************
3  * Copyright 2018-2019, Fraunhofer SIT sponsored by Infineon Technologies AG
4  * All rights reserved.
5  ******************************************************************************/
6 
7 #ifndef IFAPI_KEYSTORE_H
8 #define IFAPI_KEYSTORE_H
9 
10 #include <stdlib.h>
11 
12 #include "tss2_common.h"
13 #include "tss2_tpm2_types.h"
14 #include "fapi_types.h"
15 #include "ifapi_policy_types.h"
16 #include "tss2_esys.h"
17 
18 typedef UINT32 IFAPI_OBJECT_TYPE_CONSTANT;
19 #define IFAPI_OBJ_NONE 0
20 #define IFAPI_KEY_OBJ 1
21 #define IFAPI_NV_OBJ 2
22 #define IFAPI_EXT_PUB_KEY_OBJ 3
23 #define IFAPI_HIERARCHY_OBJ 4
24 #define IFAPI_DUPLICATE_OBJ 5
28 typedef struct {
29  UINT32 persistent_handle;
30  TPM2B_PUBLIC public;
31  UINT8_ARY serialization;
32  UINT8_ARY private;
33  char *policyInstance;
34  TPM2B_CREATION_DATA creationData;
35  TPMT_TK_CREATION creationTicket;
36  char *description;
37  UINT8_ARY appData;
38  char *certificate;
39  TPMT_SIG_SCHEME signing_scheme;
40  TPM2B_NAME name;
41  TPMI_YES_NO with_auth;
42  UINT32 reset_count;
43  TPMI_YES_NO delete_prohibited;
44  TPMI_YES_NO ek_profile;
46 } IFAPI_KEY;
47 
50 typedef struct {
51  char *pem_ext_public;
52  char *certificate;
53  TPM2B_PUBLIC public;
54 } IFAPI_EXT_PUB_KEY;
55 
58 typedef struct {
59  TPMI_YES_NO with_auth;
60  char *description;
61  TPM2B_DIGEST authPolicy;
62  ESYS_TR esysHandle;
63  bool authorized;
64  TPM2B_NAME name;
65 } IFAPI_HIERARCHY;
66 
69 typedef struct {
70  TPM2B_NV_PUBLIC public;
71  UINT8_ARY serialization;
72  UINT32 hierarchy;
73  char *policyInstance;
74  char *description;
75  UINT8_ARY appData;
76  TPMI_YES_NO with_auth;
77  char* event_log;
78 } IFAPI_NV;
79 
82 typedef struct {
83 
84  TPM2B_PRIVATE duplicate;
85  TPM2B_ENCRYPTED_SECRET encrypted_seed;
86  TPM2B_PUBLIC public;
87  TPM2B_PUBLIC public_parent;
88  char *certificate;
89  TPMS_POLICY *policy;
90 } IFAPI_DUPLICATE;
91 
94 typedef union {
95  IFAPI_EXT_PUB_KEY ext_pub_key;
96  IFAPI_KEY key;
97  IFAPI_NV nv;
98  IFAPI_DUPLICATE key_tree;
99  IFAPI_HIERARCHY hierarchy;
100 } IFAPI_OBJECT_UNION;
101 
103 enum FAPI_SEARCH_STATE {
104  KSEARCH_INIT = 0,
105  KSEARCH_SEARCH_OBJECT,
106  KSEARCH_READ
107 };
108 
111 typedef struct {
112  size_t path_idx;
113  size_t numPaths;
114  char **pathlist;
115  enum FAPI_SEARCH_STATE state;
116 } IFAPI_KEY_SEARCH;
117 
118 typedef struct IFAPI_KEYSTORE {
119  char *systemdir;
120  char *userdir;
121  char *defaultprofile;
122  IFAPI_KEY_SEARCH key_search;
123  const char* rel_path;
124 } IFAPI_KEYSTORE;
125 
126 
128 enum IFAPI_AUTHORIZATION_STATE {
129  AUTH_INIT = 0,
130  AUTH_CHECK_POLICY,
131  AUTH_CREATE_SESSION,
132  AUTH_EXEC_POLICY,
133  AUTH_FLUSH_OLD_POLICY,
134  AUTH_DONE
135 };
136 
138 enum IFAPI_IO_STATE {
139  IO_INIT = 0,
140  IO_ACTIVE,
141 };
142 
145 typedef struct _IFAPI_OBJECT {
146  TPMS_POLICY *policy;
147  IFAPI_OBJECT_TYPE_CONSTANT objectType;
148  IFAPI_OBJECT_UNION misc;
149  TPMI_YES_NO system;
151  ESYS_TR handle;
152  enum IFAPI_AUTHORIZATION_STATE authorization_state;
153  enum IFAPI_IO_STATE state;
154  const char *rel_path;
156 } IFAPI_OBJECT;
157 
158 TSS2_RC
159 ifapi_check_valid_path(const char *path);
160 
161 TSS2_RC
162 ifapi_keystore_initialize(
163  IFAPI_KEYSTORE *keystore,
164  const char *config_systemdir,
165  const char *config_userdir,
166  const char *config_defaultprofile);
167 
168 TSS2_RC
169 ifapi_keystore_load_async(
170  IFAPI_KEYSTORE *keystore,
171  IFAPI_IO *io,
172  const char *path);
173 
174 TSS2_RC
175 ifapi_keystore_load_finish(
176  IFAPI_KEYSTORE *keystore,
177  IFAPI_IO *io,
178  IFAPI_OBJECT *object);
179 
180 TSS2_RC
181 ifapi_keystore_object_does_not_exist(
182  IFAPI_KEYSTORE *keystore,
183  const char *path,
184  const IFAPI_OBJECT *object);
185 
186 TSS2_RC
187 ifapi_keystore_store_async(
188  IFAPI_KEYSTORE *keystore,
189  IFAPI_IO *io,
190  const char *path,
191  const IFAPI_OBJECT *object);
192 
193 TSS2_RC
194 ifapi_keystore_store_finish(
195  IFAPI_IO *io);
196 
197 TSS2_RC
198 ifapi_keystore_list_all(
199  IFAPI_KEYSTORE *keystore,
200  const char *searchpath,
201  char ***results,
202  size_t *numresults);
203 
204 TSS2_RC
205 ifapi_keystore_delete(
206  IFAPI_KEYSTORE *keystore,
207  char *path);
208 
209 TSS2_RC
210 ifapi_keystore_remove_directories(
211  IFAPI_KEYSTORE *keystore,
212  const char *dir_name);
213 
214 TSS2_RC
215 ifapi_keystore_search_obj(
216  IFAPI_KEYSTORE *keystore,
217  IFAPI_IO *io,
218  TPM2B_NAME *name,
219  char **found_path);
220 
221 TSS2_RC
222 ifapi_keystore_search_nv_obj(
223  IFAPI_KEYSTORE *keystore,
224  IFAPI_IO *io,
225  TPM2B_NV_PUBLIC *nv_public,
226  char **found_path);
227 
228 TSS2_RC
229 ifapi_keystore_check_overwrite(
230  IFAPI_KEYSTORE *keystore,
231  const char *path);
232 
233 TSS2_RC
234 ifapi_keystore_check_writeable(
235  IFAPI_KEYSTORE *keystore,
236  const char *path);
237 
238 TSS2_RC
239 ifapi_copy_ifapi_key(
240  IFAPI_KEY * dest,
241  const IFAPI_KEY * src);
242 
243 TSS2_RC
244 ifapi_copy_ifapi_hierarchy(
245  IFAPI_HIERARCHY * dest,
246  const IFAPI_HIERARCHY * src);
247 
248 TSS2_RC
249 ifapi_copy_ifapi_key_object(
250  IFAPI_OBJECT * dest,
251  const IFAPI_OBJECT * src);
252 
253 TSS2_RC
254 ifapi_copy_ifapi_hierarchy_object(
255  IFAPI_OBJECT * dest,
256  const IFAPI_OBJECT * src);
257 
258 
259 void ifapi_cleanup_ifapi_key(
260  IFAPI_KEY * key);
261 
262 void ifapi_cleanup_ifapi_ext_pub_key(
263  IFAPI_EXT_PUB_KEY * key);
264 
265 void ifapi_cleanup_ifapi_hierarchy(
266  IFAPI_HIERARCHY * hierarchy);
267 
268 void ifapi_cleanup_ifapi_nv(
269  IFAPI_NV * nv);
270 
271 void ifapi_cleanup_ifapi_duplicate(
272  IFAPI_DUPLICATE * duplicate);
273 
274 void ifapi_cleanup_ifapi_key_search(
275  IFAPI_KEY_SEARCH * key_search);
276 
277 void ifapi_cleanup_ifapi_keystore(
278  IFAPI_KEYSTORE * keystore);
279 
280 void
281 ifapi_cleanup_ifapi_object(
282  IFAPI_OBJECT *object);
283 
284 TSS2_RC
285 ifapi_check_provisioned(
286  IFAPI_KEYSTORE *keystore,
287  const char *rel_path,
288  bool *ok);
289 
290 #endif /* IFAPI_KEYSTORE_H */
IFAPI_DUPLICATE::public_parent
TPM2B_PUBLIC public_parent
Definition: ifapi_keystore.h:87
ifapi_keystore_remove_directories
TSS2_RC ifapi_keystore_remove_directories(IFAPI_KEYSTORE *keystore, const char *dir_name)
Definition: ifapi_keystore.c:1042
ifapi_keystore_search_obj
TSS2_RC ifapi_keystore_search_obj(IFAPI_KEYSTORE *keystore, IFAPI_IO *io, TPM2B_NAME *name, char **found_path)
Definition: ifapi_keystore.c:1244
IFAPI_KEY::description
char * description
Definition: ifapi_keystore.h:36
ifapi_keystore_delete
TSS2_RC ifapi_keystore_delete(IFAPI_KEYSTORE *keystore, char *path)
Definition: ifapi_keystore.c:959
IFAPI_KEY::creationTicket
TPMT_TK_CREATION creationTicket
Definition: ifapi_keystore.h:35
IFAPI_HIERARCHY
Definition: ifapi_keystore.h:58
IFAPI_OBJECT_UNION
Definition: ifapi_keystore.h:94
IFAPI_IO
Definition: ifapi_io.h:15
IFAPI_KEY::signing_scheme
TPMT_SIG_SCHEME signing_scheme
Definition: ifapi_keystore.h:39
IFAPI_DUPLICATE::encrypted_seed
TPM2B_ENCRYPTED_SECRET encrypted_seed
Definition: ifapi_keystore.h:85
ifapi_keystore_object_does_not_exist
TSS2_RC ifapi_keystore_object_does_not_exist(IFAPI_KEYSTORE *keystore, const char *path, const IFAPI_OBJECT *object)
Definition: ifapi_keystore.c:753
ifapi_keystore_search_nv_obj
TSS2_RC ifapi_keystore_search_nv_obj(IFAPI_KEYSTORE *keystore, IFAPI_IO *io, TPM2B_NV_PUBLIC *nv_public, char **found_path)
Definition: ifapi_keystore.c:1282
IFAPI_NV
Definition: ifapi_keystore.h:69
IFAPI_NV::appData
UINT8_ARY appData
Definition: ifapi_keystore.h:75
ifapi_copy_ifapi_key_object
TSS2_RC ifapi_copy_ifapi_key_object(IFAPI_OBJECT *dest, const IFAPI_OBJECT *src)
Definition: ifapi_keystore.c:1638
IFAPI_KEY::appData
UINT8_ARY appData
Definition: ifapi_keystore.h:37
_IFAPI_OBJECT
Definition: ifapi_keystore.h:145
IFAPI_KEY::reset_count
UINT32 reset_count
Definition: ifapi_keystore.h:42
IFAPI_NV::event_log
char * event_log
Definition: ifapi_keystore.h:77
IFAPI_OBJECT_UNION::key_tree
IFAPI_DUPLICATE key_tree
Definition: ifapi_keystore.h:98
ifapi_copy_ifapi_key
TSS2_RC ifapi_copy_ifapi_key(IFAPI_KEY *dest, const IFAPI_KEY *src)
Definition: ifapi_keystore.c:1455
IFAPI_KEY::name
TPM2B_NAME name
Definition: ifapi_keystore.h:40
IFAPI_KEY::ek_profile
TPMI_YES_NO ek_profile
Definition: ifapi_keystore.h:44
IFAPI_HIERARCHY::name
TPM2B_NAME name
Definition: ifapi_keystore.h:64
IFAPI_EXT_PUB_KEY::pem_ext_public
char * pem_ext_public
Definition: ifapi_keystore.h:51
IFAPI_OBJECT_UNION::nv
IFAPI_NV nv
Definition: ifapi_keystore.h:97
IFAPI_HIERARCHY::authorized
bool authorized
Definition: ifapi_keystore.h:63
IFAPI_KEY::certificate
char * certificate
Definition: ifapi_keystore.h:38
ifapi_cleanup_ifapi_duplicate
void ifapi_cleanup_ifapi_duplicate(IFAPI_DUPLICATE *duplicate)
Definition: ifapi_keystore.c:1603
IFAPI_HIERARCHY::description
char * description
Definition: ifapi_keystore.h:60
IFAPI_DUPLICATE
Definition: ifapi_keystore.h:82
ifapi_cleanup_ifapi_object
void ifapi_cleanup_ifapi_object(IFAPI_OBJECT *object)
Definition: ifapi_keystore.c:1726
TPMS_POLICY
Definition: ifapi_policy_types.h:291
ESYS_TR
uint32_t ESYS_TR
Definition: tss2_esys.h:16
IFAPI_NV::description
char * description
Definition: ifapi_keystore.h:74
ifapi_copy_ifapi_hierarchy
TSS2_RC ifapi_copy_ifapi_hierarchy(IFAPI_HIERARCHY *dest, const IFAPI_HIERARCHY *src)
Definition: ifapi_keystore.c:1511
ifapi_cleanup_ifapi_keystore
void ifapi_cleanup_ifapi_keystore(IFAPI_KEYSTORE *keystore)
Definition: ifapi_keystore.c:1616
ifapi_cleanup_ifapi_key
void ifapi_cleanup_ifapi_key(IFAPI_KEY *key)
Definition: ifapi_keystore.c:1541
ifapi_copy_ifapi_hierarchy_object
TSS2_RC ifapi_copy_ifapi_hierarchy_object(IFAPI_OBJECT *dest, const IFAPI_OBJECT *src)
Definition: ifapi_keystore.c:1686
IFAPI_DUPLICATE::policy
TPMS_POLICY * policy
Definition: ifapi_keystore.h:89
IFAPI_DUPLICATE::duplicate
TPM2B_PRIVATE duplicate
Definition: ifapi_keystore.h:84
IFAPI_EXT_PUB_KEY
Definition: ifapi_keystore.h:50
IFAPI_KEY_SEARCH
Definition: ifapi_keystore.h:111
IFAPI_EXT_PUB_KEY::certificate
char * certificate
Definition: ifapi_keystore.h:52
_IFAPI_OBJECT::system
TPMI_YES_NO system
Definition: ifapi_keystore.h:149
IFAPI_HIERARCHY::with_auth
TPMI_YES_NO with_auth
Definition: ifapi_keystore.h:59
IFAPI_KEYSTORE
Definition: ifapi_keystore.h:118
IFAPI_NV::serialization
UINT8_ARY serialization
Definition: ifapi_keystore.h:71
ifapi_cleanup_ifapi_nv
void ifapi_cleanup_ifapi_nv(IFAPI_NV *nv)
Definition: ifapi_keystore.c:1586
ifapi_cleanup_ifapi_hierarchy
void ifapi_cleanup_ifapi_hierarchy(IFAPI_HIERARCHY *hierarchy)
Definition: ifapi_keystore.c:1573
ifapi_keystore_store_async
TSS2_RC ifapi_keystore_store_async(IFAPI_KEYSTORE *keystore, IFAPI_IO *io, const char *path, const IFAPI_OBJECT *object)
Definition: ifapi_keystore.c:674
IFAPI_KEY::persistent_handle
UINT32 persistent_handle
Definition: ifapi_keystore.h:29
IFAPI_KEY::serialization
UINT8_ARY serialization
Definition: ifapi_keystore.h:31
IFAPI_KEY::with_auth
TPMI_YES_NO with_auth
Definition: ifapi_keystore.h:41
IFAPI_KEY::policyInstance
char * policyInstance
Definition: ifapi_keystore.h:33
IFAPI_KEY
Definition: ifapi_keystore.h:28
_IFAPI_OBJECT::misc
IFAPI_OBJECT_UNION misc
Definition: ifapi_keystore.h:148
IFAPI_NV::with_auth
TPMI_YES_NO with_auth
Definition: ifapi_keystore.h:76
IFAPI_KEY::delete_prohibited
TPMI_YES_NO delete_prohibited
Definition: ifapi_keystore.h:43
UINT8_ARY
Definition: fapi_types.h:15
ifapi_keystore_initialize
TSS2_RC ifapi_keystore_initialize(IFAPI_KEYSTORE *keystore, const char *config_systemdir, const char *config_userdir, const char *config_defaultprofile)
Definition: ifapi_keystore.c:423
IFAPI_OBJECT_UNION::ext_pub_key
IFAPI_EXT_PUB_KEY ext_pub_key
Definition: ifapi_keystore.h:95
IFAPI_NV::hierarchy
UINT32 hierarchy
Definition: ifapi_keystore.h:72
IFAPI_KEY_SEARCH::path_idx
size_t path_idx
Definition: ifapi_keystore.h:112
IFAPI_NV::policyInstance
char * policyInstance
Definition: ifapi_keystore.h:73
IFAPI_KEY_SEARCH::numPaths
size_t numPaths
Definition: ifapi_keystore.h:113
IFAPI_DUPLICATE::certificate
char * certificate
Definition: ifapi_keystore.h:88
IFAPI_OBJECT_UNION::hierarchy
IFAPI_HIERARCHY hierarchy
Definition: ifapi_keystore.h:99
ifapi_keystore_load_async
TSS2_RC ifapi_keystore_load_async(IFAPI_KEYSTORE *keystore, IFAPI_IO *io, const char *path)
Definition: ifapi_keystore.c:564
_IFAPI_OBJECT::handle
ESYS_TR handle
Definition: ifapi_keystore.h:151
IFAPI_KEY_SEARCH::pathlist
char ** pathlist
Definition: ifapi_keystore.h:114
ifapi_keystore_list_all
TSS2_RC ifapi_keystore_list_all(IFAPI_KEYSTORE *keystore, const char *searchpath, char ***results, size_t *numresults)
Definition: ifapi_keystore.c:920
ifapi_cleanup_ifapi_ext_pub_key
void ifapi_cleanup_ifapi_ext_pub_key(IFAPI_EXT_PUB_KEY *key)
Definition: ifapi_keystore.c:1559
IFAPI_KEY::creationData
TPM2B_CREATION_DATA creationData
Definition: ifapi_keystore.h:34
IFAPI_OBJECT_UNION::key
IFAPI_KEY key
Definition: ifapi_keystore.h:96
_IFAPI_OBJECT::rel_path
const char * rel_path
Definition: ifapi_keystore.h:154
_IFAPI_OBJECT::objectType
IFAPI_OBJECT_TYPE_CONSTANT objectType
Definition: ifapi_keystore.h:147