tpm2-tss 3.2.0
TPM Software stack 2.0 TCG spec compliant implementation
ifapi_keystore.h
1/* SPDX-License-Identifier: BSD-2-Clause */
2/*******************************************************************************
3 * Copyright 2018-2019, Fraunhofer SIT sponsored by Infineon Technologies AG
4 * All rights reserved.
5 ******************************************************************************/
6
7#ifndef IFAPI_KEYSTORE_H
8#define IFAPI_KEYSTORE_H
9
10#include <stdlib.h>
11
12#include "tss2_common.h"
13#include "tss2_tpm2_types.h"
14#include "fapi_types.h"
15#include "ifapi_policy_types.h"
16#include "tss2_esys.h"
17
18typedef UINT32 IFAPI_OBJECT_TYPE_CONSTANT;
19#define IFAPI_OBJ_NONE 0
20#define IFAPI_KEY_OBJ 1
21#define IFAPI_NV_OBJ 2
22#define IFAPI_EXT_PUB_KEY_OBJ 3
23#define IFAPI_HIERARCHY_OBJ 4
24#define IFAPI_DUPLICATE_OBJ 5
28typedef struct {
29 UINT32 persistent_handle;
30 TPM2B_PUBLIC public;
31 UINT8_ARY serialization;
32 UINT8_ARY private;
33 char *policyInstance;
34 TPM2B_CREATION_DATA creationData;
35 TPMT_TK_CREATION creationTicket;
36 char *description;
37 UINT8_ARY appData;
38 char *certificate;
39 TPMT_SIG_SCHEME signing_scheme;
40 TPM2B_NAME name;
41 TPMI_YES_NO with_auth;
42 UINT32 reset_count;
43 TPMI_YES_NO delete_prohibited;
44} IFAPI_KEY;
45
48typedef struct {
49 char *pem_ext_public;
50 char *certificate;
51 TPM2B_PUBLIC public;
52} IFAPI_EXT_PUB_KEY;
53
56typedef struct {
57 TPMI_YES_NO with_auth;
58 char *description;
59 TPM2B_DIGEST authPolicy;
60 ESYS_TR esysHandle;
61 bool authorized;
62 TPM2B_NAME name;
63} IFAPI_HIERARCHY;
64
67typedef struct {
68 TPM2B_NV_PUBLIC public;
69 UINT8_ARY serialization;
70 UINT32 hierarchy;
71 char *policyInstance;
72 char *description;
73 UINT8_ARY appData;
74 TPMI_YES_NO with_auth;
75 char* event_log;
76} IFAPI_NV;
77
80typedef struct {
81
82 TPM2B_PRIVATE duplicate;
83 TPM2B_ENCRYPTED_SECRET encrypted_seed;
84 TPM2B_PUBLIC public;
85 TPM2B_PUBLIC public_parent;
86 char *certificate;
87 TPMS_POLICY *policy;
88} IFAPI_DUPLICATE;
89
92typedef union {
93 IFAPI_EXT_PUB_KEY ext_pub_key;
94 IFAPI_KEY key;
95 IFAPI_NV nv;
96 IFAPI_DUPLICATE key_tree;
97 IFAPI_HIERARCHY hierarchy;
98} IFAPI_OBJECT_UNION;
99
101enum FAPI_SEARCH_STATE {
102 KSEARCH_INIT = 0,
103 KSEARCH_SEARCH_OBJECT,
104 KSEARCH_READ
105};
106
109typedef struct {
110 size_t path_idx;
111 size_t numPaths;
112 char **pathlist;
113 enum FAPI_SEARCH_STATE state;
114} IFAPI_KEY_SEARCH;
115
116typedef struct IFAPI_KEYSTORE {
117 char *systemdir;
118 char *userdir;
119 char *defaultprofile;
120 IFAPI_KEY_SEARCH key_search;
121 const char* rel_path;
122} IFAPI_KEYSTORE;
123
124
126enum IFAPI_AUTHORIZATION_STATE {
127 AUTH_INIT = 0,
128 AUTH_CHECK_POLICY,
129 AUTH_CREATE_SESSION,
130 AUTH_EXEC_POLICY,
131 AUTH_FLUSH_OLD_POLICY,
132 AUTH_DONE
133};
134
136enum IFAPI_IO_STATE {
137 IO_INIT = 0,
138 IO_ACTIVE,
139};
140
143typedef struct _IFAPI_OBJECT {
144 TPMS_POLICY *policy;
145 IFAPI_OBJECT_TYPE_CONSTANT objectType;
146 IFAPI_OBJECT_UNION misc;
147 TPMI_YES_NO system;
149 ESYS_TR handle;
150 enum IFAPI_AUTHORIZATION_STATE authorization_state;
151 enum IFAPI_IO_STATE state;
152 const char *rel_path;
154} IFAPI_OBJECT;
155
156TSS2_RC
157ifapi_check_valid_path(const char *path);
158
159TSS2_RC
160ifapi_keystore_initialize(
161 IFAPI_KEYSTORE *keystore,
162 const char *config_systemdir,
163 const char *config_userdir,
164 const char *config_defaultprofile);
165
166TSS2_RC
167ifapi_keystore_load_async(
168 IFAPI_KEYSTORE *keystore,
169 IFAPI_IO *io,
170 const char *path);
171
172TSS2_RC
173ifapi_keystore_load_finish(
174 IFAPI_KEYSTORE *keystore,
175 IFAPI_IO *io,
176 IFAPI_OBJECT *object);
177
178TSS2_RC
179ifapi_keystore_object_does_not_exist(
180 IFAPI_KEYSTORE *keystore,
181 const char *path,
182 const IFAPI_OBJECT *object);
183
184TSS2_RC
185ifapi_keystore_store_async(
186 IFAPI_KEYSTORE *keystore,
187 IFAPI_IO *io,
188 const char *path,
189 const IFAPI_OBJECT *object);
190
191TSS2_RC
192ifapi_keystore_store_finish(
193 IFAPI_IO *io);
194
195TSS2_RC
196ifapi_keystore_list_all(
197 IFAPI_KEYSTORE *keystore,
198 const char *searchpath,
199 char ***results,
200 size_t *numresults);
201
202TSS2_RC
203ifapi_keystore_delete(
204 IFAPI_KEYSTORE *keystore,
205 char *path);
206
207TSS2_RC
208ifapi_keystore_remove_directories(
209 IFAPI_KEYSTORE *keystore,
210 const char *dir_name);
211
212TSS2_RC
213ifapi_keystore_search_obj(
214 IFAPI_KEYSTORE *keystore,
215 IFAPI_IO *io,
216 TPM2B_NAME *name,
217 char **found_path);
218
219TSS2_RC
220ifapi_keystore_search_nv_obj(
221 IFAPI_KEYSTORE *keystore,
222 IFAPI_IO *io,
223 TPM2B_NV_PUBLIC *nv_public,
224 char **found_path);
225
226TSS2_RC
227ifapi_keystore_check_overwrite(
228 IFAPI_KEYSTORE *keystore,
229 const char *path);
230
231TSS2_RC
232ifapi_keystore_check_writeable(
233 IFAPI_KEYSTORE *keystore,
234 const char *path);
235
236TSS2_RC
237ifapi_copy_ifapi_key(
238 IFAPI_KEY * dest,
239 const IFAPI_KEY * src);
240
241TSS2_RC
242ifapi_copy_ifapi_hierarchy(
243 IFAPI_HIERARCHY * dest,
244 const IFAPI_HIERARCHY * src);
245
246TSS2_RC
247ifapi_copy_ifapi_key_object(
248 IFAPI_OBJECT * dest,
249 const IFAPI_OBJECT * src);
250
251TSS2_RC
252ifapi_copy_ifapi_hierarchy_object(
253 IFAPI_OBJECT * dest,
254 const IFAPI_OBJECT * src);
255
256
257void ifapi_cleanup_ifapi_key(
258 IFAPI_KEY * key);
259
260void ifapi_cleanup_ifapi_ext_pub_key(
261 IFAPI_EXT_PUB_KEY * key);
262
263void ifapi_cleanup_ifapi_hierarchy(
264 IFAPI_HIERARCHY * hierarchy);
265
266void ifapi_cleanup_ifapi_nv(
267 IFAPI_NV * nv);
268
269void ifapi_cleanup_ifapi_duplicate(
270 IFAPI_DUPLICATE * duplicate);
271
272void ifapi_cleanup_ifapi_key_search(
273 IFAPI_KEY_SEARCH * key_search);
274
275void ifapi_cleanup_ifapi_keystore(
276 IFAPI_KEYSTORE * keystore);
277
278void
279ifapi_cleanup_ifapi_object(
280 IFAPI_OBJECT *object);
281
282TSS2_RC
283ifapi_check_provisioned(
284 IFAPI_KEYSTORE *keystore,
285 const char *rel_path,
286 bool *ok);
287
288#endif /* IFAPI_KEYSTORE_H */
ESYS_TR
uint32_t ESYS_TR
Definition: tss2_esys.h:16
ifapi_copy_ifapi_key_object
TSS2_RC ifapi_copy_ifapi_key_object(IFAPI_OBJECT *dest, const IFAPI_OBJECT *src)
Definition: ifapi_keystore.c:1635
ifapi_keystore_object_does_not_exist
TSS2_RC ifapi_keystore_object_does_not_exist(IFAPI_KEYSTORE *keystore, const char *path, const IFAPI_OBJECT *object)
Definition: ifapi_keystore.c:752
ifapi_keystore_search_obj
TSS2_RC ifapi_keystore_search_obj(IFAPI_KEYSTORE *keystore, IFAPI_IO *io, TPM2B_NAME *name, char **found_path)
Definition: ifapi_keystore.c:1243
ifapi_copy_ifapi_hierarchy_object
TSS2_RC ifapi_copy_ifapi_hierarchy_object(IFAPI_OBJECT *dest, const IFAPI_OBJECT *src)
Definition: ifapi_keystore.c:1683
ifapi_copy_ifapi_key
TSS2_RC ifapi_copy_ifapi_key(IFAPI_KEY *dest, const IFAPI_KEY *src)
Definition: ifapi_keystore.c:1454
ifapi_copy_ifapi_hierarchy
TSS2_RC ifapi_copy_ifapi_hierarchy(IFAPI_HIERARCHY *dest, const IFAPI_HIERARCHY *src)
Definition: ifapi_keystore.c:1508
ifapi_keystore_load_async
TSS2_RC ifapi_keystore_load_async(IFAPI_KEYSTORE *keystore, IFAPI_IO *io, const char *path)
Definition: ifapi_keystore.c:564
ifapi_keystore_delete
TSS2_RC ifapi_keystore_delete(IFAPI_KEYSTORE *keystore, char *path)
Definition: ifapi_keystore.c:958
ifapi_keystore_remove_directories
TSS2_RC ifapi_keystore_remove_directories(IFAPI_KEYSTORE *keystore, const char *dir_name)
Definition: ifapi_keystore.c:1041
ifapi_keystore_search_nv_obj
TSS2_RC ifapi_keystore_search_nv_obj(IFAPI_KEYSTORE *keystore, IFAPI_IO *io, TPM2B_NV_PUBLIC *nv_public, char **found_path)
Definition: ifapi_keystore.c:1281
ifapi_keystore_list_all
TSS2_RC ifapi_keystore_list_all(IFAPI_KEYSTORE *keystore, const char *searchpath, char ***results, size_t *numresults)
Definition: ifapi_keystore.c:919
ifapi_keystore_initialize
TSS2_RC ifapi_keystore_initialize(IFAPI_KEYSTORE *keystore, const char *config_systemdir, const char *config_userdir, const char *config_defaultprofile)
Definition: ifapi_keystore.c:423
ifapi_cleanup_ifapi_hierarchy
void ifapi_cleanup_ifapi_hierarchy(IFAPI_HIERARCHY *hierarchy)
Definition: ifapi_keystore.c:1570
ifapi_cleanup_ifapi_ext_pub_key
void ifapi_cleanup_ifapi_ext_pub_key(IFAPI_EXT_PUB_KEY *key)
Definition: ifapi_keystore.c:1556
ifapi_cleanup_ifapi_object
void ifapi_cleanup_ifapi_object(IFAPI_OBJECT *object)
Definition: ifapi_keystore.c:1723
ifapi_cleanup_ifapi_keystore
void ifapi_cleanup_ifapi_keystore(IFAPI_KEYSTORE *keystore)
Definition: ifapi_keystore.c:1613
ifapi_keystore_store_async
TSS2_RC ifapi_keystore_store_async(IFAPI_KEYSTORE *keystore, IFAPI_IO *io, const char *path, const IFAPI_OBJECT *object)
Definition: ifapi_keystore.c:673
ifapi_cleanup_ifapi_duplicate
void ifapi_cleanup_ifapi_duplicate(IFAPI_DUPLICATE *duplicate)
Definition: ifapi_keystore.c:1600
ifapi_cleanup_ifapi_key
void ifapi_cleanup_ifapi_key(IFAPI_KEY *key)
Definition: ifapi_keystore.c:1538
ifapi_cleanup_ifapi_nv
void ifapi_cleanup_ifapi_nv(IFAPI_NV *nv)
Definition: ifapi_keystore.c:1583
_IFAPI_OBJECT
Definition: ifapi_keystore.h:143
_IFAPI_OBJECT::system
TPMI_YES_NO system
Definition: ifapi_keystore.h:147
_IFAPI_OBJECT::authorization_state
enum IFAPI_AUTHORIZATION_STATE authorization_state
Definition: ifapi_keystore.h:150
_IFAPI_OBJECT::handle
ESYS_TR handle
Definition: ifapi_keystore.h:149
_IFAPI_OBJECT::rel_path
const char * rel_path
Definition: ifapi_keystore.h:152
_IFAPI_OBJECT::misc
IFAPI_OBJECT_UNION misc
Definition: ifapi_keystore.h:146
_IFAPI_OBJECT::objectType
IFAPI_OBJECT_TYPE_CONSTANT objectType
Definition: ifapi_keystore.h:145
IFAPI_DUPLICATE
Definition: ifapi_keystore.h:80
IFAPI_DUPLICATE::duplicate
TPM2B_PRIVATE duplicate
Definition: ifapi_keystore.h:82
IFAPI_DUPLICATE::policy
TPMS_POLICY * policy
Definition: ifapi_keystore.h:87
IFAPI_DUPLICATE::encrypted_seed
TPM2B_ENCRYPTED_SECRET encrypted_seed
Definition: ifapi_keystore.h:83
IFAPI_DUPLICATE::public_parent
TPM2B_PUBLIC public_parent
Definition: ifapi_keystore.h:85
IFAPI_DUPLICATE::certificate
char * certificate
Definition: ifapi_keystore.h:86
IFAPI_EXT_PUB_KEY
Definition: ifapi_keystore.h:48
IFAPI_EXT_PUB_KEY::pem_ext_public
char * pem_ext_public
Definition: ifapi_keystore.h:49
IFAPI_EXT_PUB_KEY::certificate
char * certificate
Definition: ifapi_keystore.h:50
IFAPI_HIERARCHY
Definition: ifapi_keystore.h:56
IFAPI_HIERARCHY::authorized
bool authorized
Definition: ifapi_keystore.h:61
IFAPI_HIERARCHY::with_auth
TPMI_YES_NO with_auth
Definition: ifapi_keystore.h:57
IFAPI_HIERARCHY::description
char * description
Definition: ifapi_keystore.h:58
IFAPI_HIERARCHY::name
TPM2B_NAME name
Definition: ifapi_keystore.h:62
IFAPI_IO
Definition: ifapi_io.h:15
IFAPI_KEY_SEARCH
Definition: ifapi_keystore.h:109
IFAPI_KEY_SEARCH::pathlist
char ** pathlist
Definition: ifapi_keystore.h:112
IFAPI_KEY_SEARCH::numPaths
size_t numPaths
Definition: ifapi_keystore.h:111
IFAPI_KEY_SEARCH::path_idx
size_t path_idx
Definition: ifapi_keystore.h:110
IFAPI_KEY
Definition: ifapi_keystore.h:28
IFAPI_KEY::policyInstance
char * policyInstance
Definition: ifapi_keystore.h:33
IFAPI_KEY::serialization
UINT8_ARY serialization
Definition: ifapi_keystore.h:31
IFAPI_KEY::persistent_handle
UINT32 persistent_handle
Definition: ifapi_keystore.h:29
IFAPI_KEY::creationData
TPM2B_CREATION_DATA creationData
Definition: ifapi_keystore.h:34
IFAPI_KEY::delete_prohibited
TPMI_YES_NO delete_prohibited
Definition: ifapi_keystore.h:43
IFAPI_KEY::with_auth
TPMI_YES_NO with_auth
Definition: ifapi_keystore.h:41
IFAPI_KEY::description
char * description
Definition: ifapi_keystore.h:36
IFAPI_KEY::reset_count
UINT32 reset_count
Definition: ifapi_keystore.h:42
IFAPI_KEY::name
TPM2B_NAME name
Definition: ifapi_keystore.h:40
IFAPI_KEY::appData
UINT8_ARY appData
Definition: ifapi_keystore.h:37
IFAPI_KEY::certificate
char * certificate
Definition: ifapi_keystore.h:38
IFAPI_KEY::creationTicket
TPMT_TK_CREATION creationTicket
Definition: ifapi_keystore.h:35
IFAPI_KEY::signing_scheme
TPMT_SIG_SCHEME signing_scheme
Definition: ifapi_keystore.h:39
IFAPI_KEYSTORE
Definition: ifapi_keystore.h:116
IFAPI_NV
Definition: ifapi_keystore.h:67
IFAPI_NV::policyInstance
char * policyInstance
Definition: ifapi_keystore.h:71
IFAPI_NV::serialization
UINT8_ARY serialization
Definition: ifapi_keystore.h:69
IFAPI_NV::with_auth
TPMI_YES_NO with_auth
Definition: ifapi_keystore.h:74
IFAPI_NV::hierarchy
UINT32 hierarchy
Definition: ifapi_keystore.h:70
IFAPI_NV::description
char * description
Definition: ifapi_keystore.h:72
IFAPI_NV::appData
UINT8_ARY appData
Definition: ifapi_keystore.h:73
IFAPI_NV::event_log
char * event_log
Definition: ifapi_keystore.h:75
TPMS_POLICY
Definition: ifapi_policy_types.h:291
UINT8_ARY
Definition: fapi_types.h:15
IFAPI_OBJECT_UNION
Definition: ifapi_keystore.h:92
IFAPI_OBJECT_UNION::hierarchy
IFAPI_HIERARCHY hierarchy
Definition: ifapi_keystore.h:97
IFAPI_OBJECT_UNION::key
IFAPI_KEY key
Definition: ifapi_keystore.h:94
IFAPI_OBJECT_UNION::ext_pub_key
IFAPI_EXT_PUB_KEY ext_pub_key
Definition: ifapi_keystore.h:93
IFAPI_OBJECT_UNION::key_tree
IFAPI_DUPLICATE key_tree
Definition: ifapi_keystore.h:96
IFAPI_OBJECT_UNION::nv
IFAPI_NV nv
Definition: ifapi_keystore.h:95