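/* SPDX-License-Identifier: BSD-2-Clause */
/*******************************************************************************
 * Copyright 2018-2019, Fraunhofer SIT sponsored by Infineon Technologies AG
 * All rights reserved.
 ******************************************************************************/
#ifndef IFAPI_POLICY_TYPES_H
#define IFAPI_POLICY_TYPES_H

#include "tss2_tpm2_types.h"

/*
 * In-memory representation of a FAPI policy: a tree of policy elements, each
 * of which corresponds to one TPM2_Policy* command. Only type definitions live
 * here; nothing in this header validates the values it describes.
 *
 * NOTE(review): several members are plain pointers (char *, uint8_t *) or
 * flexible arrays with a separate count. The header cannot express ownership
 * or bounds, so every producer of these structs (presumably the JSON policy
 * deserializer) is responsible for the checks called out below.
 */

/** Discriminator for TPMU_POLICYELEMENT, stored in TPMT_POLICYELEMENT.type. */
typedef UINT32 TPMI_POLICYTYPE;
#define POLICYELEMENTS          0
#define POLICYOR                1
#define POLICYSIGNED            2
#define POLICYSECRET            3
#define POLICYPCR               4
#define POLICYLOCALITY          5
#define POLICYNV                6
#define POLICYCOUNTERTIMER      7
#define POLICYCOMMANDCODE       8
#define POLICYPHYSICALPRESENCE  9
#define POLICYCPHASH            10
#define POLICYNAMEHASH          11
#define POLICYDUPLICATIONSELECT 12
#define POLICYAUTHORIZE         13
#define POLICYAUTHVALUE         14
#define POLICYPASSWORD          15
#define POLICYNVWRITTEN         16
#define POLICYTEMPLATE          17
#define POLICYAUTHORIZENV       18
#define POLICYACTION            19

/** Capacity of the fixed name arrays in TPMS_POLICYNAMEHASH.
 *  TPMS_POLICYNAMEHASH.count must never exceed this value. */
#define IFAPI_POLICY_NAMEHASH_MAX_NAMES 3

/** Policy type TPMS_POLICYSIGNED (TPM2_PolicySigned).
 *
 *  Fields marked "run time" are filled in by the FAPI when the policy is
 *  executed and are not meant to be supplied by the policy author.
 */
typedef struct {
    TPM2B_NONCE nonceTPM;           /**< Nonce returned by TPM2_StartAuthSession (run time; the
                                         original note is truncated after this point). */
    TPM2B_DIGEST cpHashA;           /**< Generated automatically by the FAPI. */
    TPM2B_NONCE policyRef;          /**< Default is zero-length. */
    INT32 expiration;               /**< Set to -1 by the FAPI (per the original note). */
    TPMT_SIGNATURE auth;            /**< Generated at run time via a callback. */
    TPM2B_NAME publicKey;           /**< Generated automatically from keyPath / keyPublic
                                         (original note truncated; presumably keyPEM as well). */
    char *publicKeyHint;            /**< Human-readable hint denoting which public key to use. */
    char *keyPath;                  /**< Reference to a key inside the FAPI keystore. */
    TPMT_PUBLIC keyPublic;          /**< Public area of the signing key. */
    char *keyPEM;                   /**< PEM-encoded public key; the TPM2B_NAME is constructed
                                         from a TPMT_PUBLIC derived from this. */
    TPMI_ALG_HASH keyPEMhashAlg;    /**< (optional) Default = SHA256. */
    TPMT_SIGNATURE signature_tpm;   /**< Signature in TPM format (no original documentation). */
} TPMS_POLICYSIGNED;

/** Policy type TPMS_POLICYSECRET (TPM2_PolicySecret).
 */
typedef struct {
    TPM2B_NONCE nonceTPM;           /**< Session nonce (no original documentation). */
    TPM2B_DIGEST cpHashA;           /**< Command parameter hash (no original documentation). */
    TPM2B_NONCE policyRef;          /**< Default is zero-length. */
    INT32 expiration;               /**< Expiration (no original documentation). */
    char *objectPath;               /**< Path of the object whose authValue is required. */
    TPM2B_NAME objectName;          /**< Public name of the object. */
} TPMS_POLICYSECRET;

/** Policy type TPMS_POLICYLOCALITY (TPM2_PolicyLocality).
 */
typedef struct {
    TPMA_LOCALITY locality;         /**< Required locality attribute bits. */
} TPMS_POLICYLOCALITY;

/** Policy type TPMS_POLICYNV (TPM2_PolicyNV).
 */
typedef struct {
    char *nvPath;                   /**< Path of the NV index in the FAPI keystore. */
    TPMI_RH_NV_INDEX nvIndex;       /**< NV index handle. */
    TPM2B_NV_PUBLIC nvPublic;       /**< Public area of the NV index. */
    TPMI_RH_NV_AUTH authHandle;     /**< Determined by the FAPI at run time. */
    TPM2B_OPERAND operandB;         /**< Operand compared against the NV contents. */
    UINT16 offset;                  /**< Default value is 0. */
    TPM2_EO operation;              /**< Default value is EQUAL. */
} TPMS_POLICYNV;

/** Policy type TPMS_POLICYCOUNTERTIMER (TPM2_PolicyCounterTimer).
 */
typedef struct {
    TPM2B_OPERAND operandB;         /**< Operand compared against the TPM clock/timer value. */
    UINT16 offset;                  /**< Default is 0. */
    TPM2_EO operation;              /**< Comparison operator (no original documentation). */
} TPMS_POLICYCOUNTERTIMER;

/** Policy type TPMS_POLICYCOMMANDCODE (TPM2_PolicyCommandCode).
 */
typedef struct {
    TPM2_CC code;                   /**< Command code the session is restricted to. */
} TPMS_POLICYCOMMANDCODE;

/** Policy type TPMS_POLICYPHYSICALPRESENCE (TPM2_PolicyPhysicalPresence).
 *
 *  Empty struct: ISO C requires at least one member, so this relies on the
 *  GCC/Clang zero-size extension. Left as-is to keep sizeof and the layout of
 *  TPMU_POLICYELEMENT unchanged.
 */
typedef struct {
} TPMS_POLICYPHYSICALPRESENCE;

/** Policy type TPMS_POLICYCPHASH (TPM2_PolicyCpHash).
 */
typedef struct {
    TPM2B_DIGEST cpHash;            /**< Expected command parameter hash. */
} TPMS_POLICYCPHASH;

/** Policy type TPMS_POLICYNAMEHASH (TPM2_PolicyNameHash).
 *
 *  objectNames and namePaths are fixed-size arrays of
 *  IFAPI_POLICY_NAMEHASH_MAX_NAMES entries, but count is a free UINT32.
 *  Whoever fills count (presumably the JSON deserializer) must reject values
 *  above IFAPI_POLICY_NAMEHASH_MAX_NAMES before either array is indexed.
 */
typedef struct {
    UINT32 count;                   /**< Computed during instantiation; must be
                                         <= IFAPI_POLICY_NAMEHASH_MAX_NAMES. */
    UINT32 i;                       /**< Temporary index for policy calculation. */
    TPM2B_NAME objectNames[IFAPI_POLICY_NAMEHASH_MAX_NAMES];
                                    /**< Computed during instantiation (if not initialized). */
    char *namePaths[IFAPI_POLICY_NAMEHASH_MAX_NAMES];
                                    /**< Paths of the objects used for retrieving the names. */
    TPM2B_DIGEST nameHash;          /**< Computed during policy calculation. */
} TPMS_POLICYNAMEHASH;

/** Policy type TPMS_POLICYDUPLICATIONSELECT (TPM2_PolicyDuplicationSelect).
 */
typedef struct {
    TPM2B_NAME objectName;          /**< Not used (see includeObject). */
    TPM2B_NAME newParentName;       /**< Calculated automatically. */
    TPMI_YES_NO includeObject;      /**< Always NO. */
    char *newParentPath;            /**< Path of the new parent in the FAPI keystore. */
    TPM2B_PUBLIC newParentPublic;   /**< Public area of the new parent. */
} TPMS_POLICYDUPLICATIONSELECT;

/** Policy type TPMS_POLICYAUTHORIZATION.
 *
 *  One signature over a policy digest, as consumed by TPM2_PolicyAuthorize.
 */
typedef struct {
    char *type;                     /**< Authorization type; the original note gives "tpm". */
    TPMT_PUBLIC key;                /**< Selects the signature algorithm and carries the
                                         public key (original note truncated). */
    TPM2B_NONCE policyRef;          /**< Policy reference bound into the signed digest. */
    TPMT_SIGNATURE signature;       /**< Signature over the policy digest. */
} TPMS_POLICYAUTHORIZATION;

/* Opaque list node; the struct is defined elsewhere. */
typedef struct policy_object_node POLICY_OBJECT;

/** Policy type TPMS_POLICYAUTHORIZE (TPM2_PolicyAuthorize).
 *
 *  NOTE(review): keyPath / keyPublic / keyPEM identify the key whose
 *  signatures are trusted to authorize policies. Where that key comes from
 *  decides what an attacker who can edit the policy file can authorize; this
 *  header cannot tell whether it is pinned or validated.
 */
typedef struct {
    TPM2B_DIGEST approvedPolicy;    /**< Digest of the policy being authorized. */
    TPM2B_NONCE policyRef;          /**< Policy reference. */
    TPM2B_NAME keyName;             /**< Not exposed in JSON; generated from keyPath, keyPublic
                                         or (presumably) keyPEM -- the original note is truncated. */
    TPMT_TK_VERIFIED checkTicket;   /**< Ticket from TPM2_VerifySignature. */
    char *keyPath;                  /**< Reference to a key inside the FAPI keystore. */
    TPMT_PUBLIC keyPublic;          /**< Public area of the authorizing key. */
    char *keyPEM;                   /**< PEM-encoded public key; the TPM2B_NAME is constructed
                                         from a TPMT_PUBLIC derived from this (the original
                                         note contained unrelated doc-tool residue). */
    TPMI_ALG_HASH keyPEMhashAlg;    /**< (optional) Default = SHA256. */
    POLICY_OBJECT *policy_list;     /**< Candidate policies (no original documentation). */
    TPMS_POLICYAUTHORIZATION *authorization;
                                    /**< Authorization selected for this element (no original
                                         documentation). */
    TPMT_SIGNATURE signature;       /**< Signature (no original documentation). */
} TPMS_POLICYAUTHORIZE;

/** Policy type TPMS_POLICYAUTHVALUE (TPM2_PolicyAuthValue).
 *  Empty struct; see the note on TPMS_POLICYPHYSICALPRESENCE.
 */
typedef struct {
} TPMS_POLICYAUTHVALUE;

/** Policy type TPMS_POLICYPASSWORD (TPM2_PolicyPassword).
 *  Empty struct; see the note on TPMS_POLICYPHYSICALPRESENCE.
 */
typedef struct {
} TPMS_POLICYPASSWORD;

/** Policy type TPMS_POLICYNVWRITTEN (TPM2_PolicyNvWritten).
 */
typedef struct {
    TPMI_YES_NO writtenSet;         /**< Default is YES. */
} TPMS_POLICYNVWRITTEN;

/** Policy type TPMS_POLICYTEMPLATE (TPM2_PolicyTemplate).
 */
typedef struct {
    TPM2B_DIGEST templateHash;      /**< Digest of the template. */
    TPM2B_PUBLIC templatePublic;    /**< Public template the digest is computed over. */
    char *templateName;             /**< Name of the template. */
} TPMS_POLICYTEMPLATE;

/** Policy type TPMS_POLICYAUTHORIZENV (TPM2_PolicyAuthorizeNV).
 */
typedef struct {
    char *nvPath;                   /**< Path of the NV index in the FAPI keystore. */
    TPM2B_NV_PUBLIC nvPublic;       /**< Public area of the NV index. */
    TPM2B_DIGEST policy;            /**< Policy digest. */
    TPMT_HA nv_policy;              /**< Policy stored in NV RAM. */
    uint8_t *policy_buffer;         /**< Raw policy bytes. No length is stored here, so the
                                         allocator must track the size itself (ownership not
                                         documented in the original). */
} TPMS_POLICYAUTHORIZENV;

/** Policy type TPMS_POLICYACTION (FAPI-level element, no TPM command).
 */
typedef struct {
    char *action;                   /**< The FAPI returns a string representation of the JSON
                                         sub-object (original note truncated). */
} TPMS_POLICYACTION;

/** One PCR value used by TPMS_POLICYPCR.
 */
typedef struct {
    UINT32 pcr;                     /**< PCR index. Not bounded here; validate against the
                                         TPM's PCR count before use. */
    TPM2_ALG_ID hashAlg;            /**< Bank (hash algorithm) the digest belongs to. */
    TPMU_HA digest;                 /**< Expected digest. */
} TPMS_PCRVALUE;

/** List of PCR values (flexible array; allocate sizeof *p + count * sizeof
 *  p->pcrs[0], with an overflow check on a count taken from external input).
 */
typedef struct TPML_PCRVALUES {
    UINT32 count;                   /**< Number of valid entries in pcrs. */
    TPMS_PCRVALUE pcrs[];           /**< Array of PCR values. */
} TPML_PCRVALUES;

/** Policy type TPMS_POLICYPCR (TPM2_PolicyPCR).
 */
typedef struct {
    struct TPML_PCRVALUES *pcrs;    /**< Expected PCR values. */
    TPMS_PCR_SELECT currentPCRs;    /**< PCR selection; the hash algorithms are inferred
                                         (original note truncated). */
    TPML_PCR_SELECTION currentPCRandBanks;
                                    /**< Complete selection including banks. */
} TPMS_POLICYPCR;

/** List of policy authorizations (flexible array; see TPML_PCRVALUES for the
 *  allocation rule).
 */
typedef struct TPML_POLICYAUTHORIZATIONS {
    UINT32 count;                   /**< Number of valid entries in authorizations. */
    TPMS_POLICYAUTHORIZATION authorizations[];
                                    /**< Array of authorizations. */
} TPML_POLICYAUTHORIZATIONS;

typedef struct TPML_POLICYELEMENTS TPML_POLICYELEMENTS;

/** One branch of a TPMS_POLICYOR.
 */
typedef struct {
    char *name;                     /**< Branch name. */
    char *description;              /**< Branch description. */
    TPML_DIGEST_VALUES policyDigests;
                                    /**< Digests of this branch (no original documentation). */
    struct TPML_POLICYELEMENTS *policy;
                                    /**< Policy elements of this branch. */
} TPMS_POLICYBRANCH;

/** List of OR branches (flexible array; see TPML_PCRVALUES for the allocation
 *  rule). The member is named `authorizations` for historical reasons but
 *  holds branches; the name is kept for source compatibility.
 */
typedef struct TPML_POLICYBRANCHES {
    UINT32 count;                   /**< Number of valid entries in authorizations. */
    TPMS_POLICYBRANCH authorizations[];
                                    /**< Array of branches. */
} TPML_POLICYBRANCHES;

/** Policy type TPMS_POLICYOR (TPM2_PolicyOR).
 */
typedef struct {
    struct TPML_POLICYBRANCHES *branches;
                                    /**< Unbounded list of branches (the original note is
                                         truncated after "This does not contai..."). */
} TPMS_POLICYOR;

/** Payload of a policy element. The active member is selected by the
 *  enclosing TPMT_POLICYELEMENT.type; reading any other member is a
 *  type-confusion bug.
 */
typedef union {
    TPMS_POLICYOR PolicyOr;                         /**< POLICYOR */
    TPMS_POLICYSIGNED PolicySigned;                 /**< POLICYSIGNED */
    TPMS_POLICYSECRET PolicySecret;                 /**< POLICYSECRET */
    TPMS_POLICYPCR PolicyPCR;                       /**< POLICYPCR */
    TPMS_POLICYLOCALITY PolicyLocality;             /**< POLICYLOCALITY */
    TPMS_POLICYNV PolicyNV;                         /**< POLICYNV */
    TPMS_POLICYCOUNTERTIMER PolicyCounterTimer;     /**< POLICYCOUNTERTIMER */
    TPMS_POLICYCOMMANDCODE PolicyCommandCode;       /**< POLICYCOMMANDCODE */
    TPMS_POLICYPHYSICALPRESENCE PolicyPhysicalPresence; /**< POLICYPHYSICALPRESENCE */
    TPMS_POLICYCPHASH PolicyCpHash;                 /**< POLICYCPHASH */
    TPMS_POLICYNAMEHASH PolicyNameHash;             /**< POLICYNAMEHASH */
    TPMS_POLICYDUPLICATIONSELECT PolicyDuplicationSelect; /**< POLICYDUPLICATIONSELECT */
    TPMS_POLICYAUTHORIZE PolicyAuthorize;           /**< POLICYAUTHORIZE */
    TPMS_POLICYAUTHVALUE PolicyAuthValue;           /**< POLICYAUTHVALUE */
    TPMS_POLICYPASSWORD PolicyPassword;             /**< POLICYPASSWORD */
    TPMS_POLICYNVWRITTEN PolicyNvWritten;           /**< POLICYNVWRITTEN */
    TPMS_POLICYTEMPLATE PolicyTemplate;             /**< POLICYTEMPLATE */
    TPMS_POLICYAUTHORIZENV PolicyAuthorizeNv;       /**< POLICYAUTHORIZENV */
    TPMS_POLICYACTION PolicyAction;                 /**< POLICYACTION */
} TPMU_POLICYELEMENT;

/** Policy type TPMT_POLICYELEMENT: a tagged policy element.
 */
typedef struct {
    TPMI_POLICYTYPE type;           /**< Selects the active member of element. */
    TPML_DIGEST_VALUES policyDigests;
                                    /**< Digests of this element (no original documentation). */
    TPMU_POLICYELEMENT element;     /**< Element payload; valid member is given by type. */
} TPMT_POLICYELEMENT;

/** List of policy elements (flexible array; see TPML_PCRVALUES for the
 *  allocation rule).
 */
struct TPML_POLICYELEMENTS {
    UINT32 count;                   /**< Number of valid entries in elements. */
    TPMT_POLICYELEMENT elements[];  /**< Array of policy elements. */
};

/** Policy type TPMS_POLICY: the root of a policy tree.
 *
 *  The original marks members "O" or "X"; presumably optional and mandatory
 *  respectively -- confirm against the JSON deserializer.
 */
typedef struct TPMS_POLICY {
    char *description;              /**< Policy description ("O"). */
    TPML_DIGEST_VALUES policyDigests;
                                    /**< Stored policy digests ("O"). NOTE(review): data read
                                         from the policy file, not proof of anything; treat
                                         as a cache unless recomputed. */
    struct TPML_POLICYAUTHORIZATIONS *policyAuthorizations;
                                    /**< Authorizations ("O"). */
    struct TPML_POLICYELEMENTS *policy;
                                    /**< Policy elements ("X"). */
} TPMS_POLICY;

#endif /* IFAPI_POLICY_TYPES_H */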