/* SPDX-License-Identifier: BSD-2-Clause */
/*******************************************************************************
 * Copyright 2018-2019, Fraunhofer SIT sponsored by Infineon Technologies AG
 * All rights reserved.
 ******************************************************************************/

/**
 * @file ifapi_keystore.h
 * Internal FAPI keystore: the in-memory representation of keystore objects
 * (keys, NV indices, hierarchies, external public keys, duplication blobs),
 * the keystore/search state, and the two-phase (_async/_finish) load and
 * store functions that move objects between the on-disk store and memory.
 */

#ifndef IFAPI_KEYSTORE_H
#define IFAPI_KEYSTORE_H

#include <stdlib.h>

#include "tss2_common.h"
#include "tss2_tpm2_types.h"
#include "fapi_types.h"
#include "ifapi_policy_types.h"
#include "tss2_esys.h"

/** Selector type for the variant stored in IFAPI_OBJECT_UNION (see IFAPI_OBJECT::objectType). */
typedef UINT32 IFAPI_OBJECT_TYPE_CONSTANT;
#define IFAPI_OBJ_NONE         0 /**< No object type set (zero tag) */
#define IFAPI_KEY_OBJ          1 /**< Tag for key resource */
#define IFAPI_NV_OBJ           2 /**< Tag for NV Ram resource */
#define IFAPI_EXT_PUB_KEY_OBJ  3 /**< Tag for external public key resource */
#define IFAPI_HIERARCHY_OBJ    4 /**< Tag for other resources, e.g. PCR register, hierarchies */
#define IFAPI_DUPLICATE_OBJ    5 /**< Tag for key duplication object */

/*
 * NOTE: several members below are named `public` and `private`. That is legal
 * C but these are C++ keywords, so this header is C-only.
 */

/** Type for representing a FAPI key
 */
typedef struct {
    UINT32                  persistent_handle; /**< Persistent TPM Handle */
    TPM2B_PUBLIC            public;            /**< The wrapped public portion of the object */
    UINT8_ARY               serialization;     /**< Serialized form of the object (byte array; layout not defined here) */
    UINT8_ARY               private;           /**< Private portion of the key as a byte array; sensitive material */
    char                   *policyInstance;    /**< Keys policy */
    TPM2B_CREATION_DATA     creationData;      /**< Creation data associated with the key */
    TPMT_TK_CREATION        creationTicket;    /**< Creation ticket associated with the key */
    char                   *description;       /**< Human readable description of key */
    UINT8_ARY               appData;           /**< Application data */
    char                   *certificate;       /**< Keys certificate (if any) */
    TPMT_SIG_SCHEME         signing_scheme;    /**< Signing scheme for the key */
    TPM2B_NAME              name;              /**< Name of the key */
    TPMI_YES_NO             with_auth;         /**< Authorization provided during creation */
} IFAPI_KEY;

/** Type for representing a external public key
 */
typedef struct {
    char                   *pem_ext_public;    /**< Public key in PEM format */
    char                   *certificate;       /**< Keys certificate (if any) */
    TPM2B_PUBLIC            public;            /**< The public information in TPM format */
} IFAPI_EXT_PUB_KEY;

/** Type for representing hierarchy
 */
typedef struct {
    TPMI_YES_NO             with_auth;         /**< Authorization provided */
    char                   *description;       /**< Human readable description of hierarchy */
    TPM2B_DIGEST            authPolicy;        /**< Authorization policy digest of the hierarchy */
} IFAPI_HIERARCHY;

/** Type for representing a FAPI NV object
 */
typedef struct {
    TPM2B_NV_PUBLIC         public;            /**< The wrapped public portion of the object */
    UINT8_ARY               serialization;     /**< Serialized form of the object (byte array; layout not defined here) */
    UINT32                  hierarchy;         /**< The hierarchy used for NV object creation */
    char                   *policyInstance;    /**< Keys policy */
    char                   *description;       /**< Human readable description of key */
    UINT8_ARY               appData;           /**< Application data */
    TPMI_YES_NO             with_auth;         /**< Authorization provided during creation */
    char                   *event_log;         /**< The event log if NV type is pcr */
} IFAPI_NV;

/** Type for representing a FAPI object for key duplication.
 */
typedef struct {

    TPM2B_PRIVATE           duplicate;         /**< The duplicate of the key to export*/
    TPM2B_ENCRYPTED_SECRET  encrypted_seed;    /**< Encrypted seed needed for key import */
    TPM2B_PUBLIC            public;            /**< The public information of the key to be duplicated */
    TPM2B_PUBLIC            public_parent;     /**< The public information of the new parent key */
    char                   *certificate;       /**< The certificate of the key to be duplicated */
    TPMS_POLICY            *policy;            /**< The policy of the key to be duplicated */
} IFAPI_DUPLICATE;

/** type for representing public info of a TPM-Resource
 *
 * Which member is valid is selected by IFAPI_OBJECT::objectType
 * (IFAPI_KEY_OBJ -> key, IFAPI_NV_OBJ -> nv, ...).
 */
typedef union {
    IFAPI_EXT_PUB_KEY       ext_pub_key;       /**< Public info for external key. */
    IFAPI_KEY               key;               /**< Public info for key objects */
    IFAPI_NV                nv;                /**< Public info for NV ram objects */
    IFAPI_DUPLICATE         key_tree;          /**< Information for key duplication */
    IFAPI_HIERARCHY         hierarchy;         /**< Information related to hierarchies */
} IFAPI_OBJECT_UNION;

/** The states for key searching */
enum FAPI_SEARCH_STATE {
    KSEARCH_INIT = 0,      /**< Search not started */
    KSEARCH_SEARCH_OBJECT, /**< Iterating over the candidate paths */
    KSEARCH_READ           /**< Reading a candidate object */
};

/** The data structure holding internal state for key searching.
 */
typedef struct {
    size_t                  path_idx;          /**< Index of array of objects to be searched */
    size_t                  numPaths;          /**< Number of all objects in data store */
    char                  **pathlist;          /**< The array of all objects in the search path */
    enum FAPI_SEARCH_STATE  state;             /**< Current state of the search state machine */
} IFAPI_KEY_SEARCH;

/** The keystore: configured directories plus the state of an in-progress search.
 */
typedef struct IFAPI_KEYSTORE {
    char                   *systemdir;         /**< System-wide keystore directory */
    char                   *userdir;           /**< Per-user keystore directory */
    char                   *defaultprofile;    /**< Name of the default profile */
    IFAPI_KEY_SEARCH        key_search;        /**< State for ifapi_keystore_search_obj / _search_nv_obj */
} IFAPI_KEYSTORE;


/** The states for the FAPI's object authorization state*/
enum IFAPI_AUTHORIZATION_STATE {
    AUTH_INIT = 0,
    AUTH_CHECK_POLICY,
    AUTH_CREATE_SESSION,
    AUTH_EXEC_POLICY,
    AUTH_FLUSH_OLD_POLICY,
    AUTH_DONE
};

/** The states for the FAPI's object write/read state*/
enum IFAPI_IO_STATE {
    IO_INIT = 0,
    IO_ACTIVE,
};

/** Type for representing TPM-Resource
 *
 * NOTE(review): the tag `_IFAPI_OBJECT` (leading underscore + uppercase) is in
 * the identifier space reserved for the implementation by C11 7.1.3; it is
 * kept here unchanged because other translation units may refer to the tag.
 */
typedef struct _IFAPI_OBJECT {
    TPMS_POLICY            *policy;            /**< Policy attached to the object (may be NULL) */
    IFAPI_OBJECT_TYPE_CONSTANT objectType;     /**< Selector for object type */
    IFAPI_OBJECT_UNION      misc;              /**< Resource specific information */
    TPMI_YES_NO             system;            /**< Store the object in the system wide
                                                    directory */
    ESYS_TR                 handle;            /**< Handle used by ESAPI */
    enum IFAPI_AUTHORIZATION_STATE authorization_state; /**< State of object authorization state machine */
    enum IFAPI_IO_STATE     state;             /**< State of the object's read/write state machine */

} IFAPI_OBJECT;


/**
 * Initialize a keystore from the configured directories and default profile.
 *
 * @param[in,out] keystore The keystore to initialize.
 * @param[in] config_systemdir System-wide keystore directory from the config.
 * @param[in] config_userdir Per-user keystore directory from the config.
 * @param[in] config_defaultprofile Name of the default profile from the config.
 * @retval TSS2_RC_SUCCESS on success, a TSS2_RC error code otherwise.
 */
TSS2_RC
ifapi_keystore_initialize(
    IFAPI_KEYSTORE *keystore,
    const char *config_systemdir,
    const char *config_userdir,
    const char *config_defaultprofile);

/**
 * Start loading the object stored at @p path (first half of a two-phase call).
 *
 * @param[in,out] keystore The keystore to load from.
 * @param[in,out] io I/O context carrying the state between _async and _finish.
 * @param[in] path Keystore path of the object.
 * @retval TSS2_RC_SUCCESS on success, a TSS2_RC error code otherwise.
 */
TSS2_RC
ifapi_keystore_load_async(
    IFAPI_KEYSTORE *keystore,
    IFAPI_IO *io,
    const char *path);

/**
 * Complete a load started with ifapi_keystore_load_async.
 *
 * @param[in,out] keystore The keystore being read.
 * @param[in,out] io I/O context passed to the _async call.
 * @param[out] object Receives the loaded object on success.
 * @retval TSS2_RC_SUCCESS on success, a TSS2_RC error code otherwise.
 */
TSS2_RC
ifapi_keystore_load_finish(
    IFAPI_KEYSTORE *keystore,
    IFAPI_IO *io,
    IFAPI_OBJECT *object);

/**
 * Start storing @p object at @p path (first half of a two-phase call).
 *
 * @param[in,out] keystore The keystore to write to.
 * @param[in,out] io I/O context carrying the state between _async and _finish.
 * @param[in] path Keystore path at which the object is stored.
 * @param[in] object The object to store.
 * @retval TSS2_RC_SUCCESS on success, a TSS2_RC error code otherwise.
 */
TSS2_RC
ifapi_keystore_store_async(
    IFAPI_KEYSTORE *keystore,
    IFAPI_IO *io,
    const char *path,
    const IFAPI_OBJECT *object);

/**
 * Complete a store started with ifapi_keystore_store_async.
 *
 * @param[in,out] keystore The keystore being written.
 * @param[in,out] io I/O context passed to the _async call.
 * @retval TSS2_RC_SUCCESS on success, a TSS2_RC error code otherwise.
 */
TSS2_RC
ifapi_keystore_store_finish(
    IFAPI_KEYSTORE *keystore,
    IFAPI_IO *io);

/**
 * List all object paths below @p searchpath.
 *
 * @param[in,out] keystore The keystore to list.
 * @param[in] searchpath Path prefix to list.
 * @param[out] results Array of @p numresults path strings.
 *             NOTE(review): presumably allocated here and owned by the caller
 *             afterwards — confirm against the implementation.
 * @param[out] numresults Number of entries in @p results.
 * @retval TSS2_RC_SUCCESS on success, a TSS2_RC error code otherwise.
 */
TSS2_RC
ifapi_keystore_list_all(
    IFAPI_KEYSTORE *keystore,
    const char *searchpath,
    char ***results,
    size_t *numresults);

/**
 * Delete the object stored at @p path.
 *
 * @param[in,out] keystore The keystore to delete from.
 * @param[in] path Keystore path of the object.
 *            NOTE(review): non-const, unlike the other path parameters in this
 *            header; presumably not modified by the implementation — confirm.
 * @retval TSS2_RC_SUCCESS on success, a TSS2_RC error code otherwise.
 */
TSS2_RC
ifapi_keystore_delete(
    IFAPI_KEYSTORE *keystore,
    char *path);

/**
 * Remove the keystore directory @p dir_name.
 *
 * @param[in,out] keystore The keystore the directory belongs to.
 * @param[in] dir_name Name of the directory to remove.
 * @retval TSS2_RC_SUCCESS on success, a TSS2_RC error code otherwise.
 */
TSS2_RC
ifapi_keystore_remove_directories(
    IFAPI_KEYSTORE *keystore,
    const char *dir_name);

/**
 * Search the keystore for the key object with TPM name @p name.
 *
 * The search state is presumably kept in keystore->key_search across calls
 * (enum FAPI_SEARCH_STATE) — confirm against the implementation.
 *
 * @param[in,out] keystore The keystore to search.
 * @param[in,out] io I/O context used while reading candidate objects.
 * @param[in] name TPM name to look for.
 * @param[out] found_path Receives the path of the matching object.
 * @retval TSS2_RC_SUCCESS on success, a TSS2_RC error code otherwise.
 */
TSS2_RC
ifapi_keystore_search_obj(
    IFAPI_KEYSTORE *keystore,
    IFAPI_IO *io,
    TPM2B_NAME *name,
    char **found_path);

/**
 * Search the keystore for the NV object whose public area matches @p nv_public.
 *
 * @param[in,out] keystore The keystore to search.
 * @param[in,out] io I/O context used while reading candidate objects.
 * @param[in] nv_public NV public area to look for.
 * @param[out] found_path Receives the path of the matching object.
 * @retval TSS2_RC_SUCCESS on success, a TSS2_RC error code otherwise.
 */
TSS2_RC
ifapi_keystore_search_nv_obj(
    IFAPI_KEYSTORE *keystore,
    IFAPI_IO *io,
    TPM2B_NV_PUBLIC *nv_public,
    char **found_path);

/**
 * Check whether an object already stored at @p path may be overwritten.
 *
 * @param[in,out] keystore The keystore to check.
 * @param[in,out] io I/O context.
 * @param[in] path Keystore path to check.
 * @retval TSS2_RC_SUCCESS if writing is allowed, a TSS2_RC error code otherwise.
 */
TSS2_RC
ifapi_keystore_check_overwrite(
    IFAPI_KEYSTORE *keystore,
    IFAPI_IO *io,
    const char *path);

/**
 * Check whether @p path can be written in this keystore.
 *
 * @param[in,out] keystore The keystore to check.
 * @param[in,out] io I/O context.
 * @param[in] path Keystore path to check.
 * @retval TSS2_RC_SUCCESS if writable, a TSS2_RC error code otherwise.
 */
TSS2_RC
ifapi_keystore_check_writeable(
    IFAPI_KEYSTORE *keystore,
    IFAPI_IO *io,
    const char *path);

/**
 * Copy @p src into @p dest.
 *
 * NOTE(review): IFAPI_KEY holds heap members (char * fields, byte arrays), so
 * this is presumably a deep copy that @p dest must later release with
 * ifapi_cleanup_ifapi_key — confirm against the implementation.
 *
 * @param[out] dest Destination key.
 * @param[in] src Source key.
 * @retval TSS2_RC_SUCCESS on success, a TSS2_RC error code otherwise.
 */
TSS2_RC
ifapi_copy_ifapi_key(
    IFAPI_KEY *dest,
    const IFAPI_KEY *src);

/**
 * Copy the key object @p src into @p dest (see ifapi_copy_ifapi_key).
 *
 * @param[out] dest Destination object.
 * @param[in] src Source object.
 * @retval TSS2_RC_SUCCESS on success, a TSS2_RC error code otherwise.
 */
TSS2_RC
ifapi_copy_ifapi_key_object(
    IFAPI_OBJECT *dest,
    const IFAPI_OBJECT *src);

/*
 * Cleanup functions: release the heap-allocated members of the given struct.
 * They presumably do not free the struct itself — confirm against the
 * implementation. NOTE(review): IFAPI_KEY::private and IFAPI_DUPLICATE hold
 * sensitive material; confirm that the cleanup wipes those buffers before
 * freeing them rather than relying on a plain memset.
 */

/** Release the members of @p key. */
void ifapi_cleanup_ifapi_key(
    IFAPI_KEY *key);

/** Release the members of @p key. */
void ifapi_cleanup_ifapi_ext_pub_key(
    IFAPI_EXT_PUB_KEY *key);

/** Release the members of @p hierarchy. */
void ifapi_cleanup_ifapi_hierarchy(
    IFAPI_HIERARCHY *hierarchy);

/** Release the members of @p nv. */
void ifapi_cleanup_ifapi_nv(
    IFAPI_NV *nv);

/** Release the members of @p duplicate. */
void ifapi_cleanup_ifapi_duplicate(
    IFAPI_DUPLICATE *duplicate);

/** Release the members of @p key_search (including the path list). */
void ifapi_cleanup_ifapi_key_search(
    IFAPI_KEY_SEARCH *key_search);

/** Release the members of @p keystore (directory strings and search state). */
void ifapi_cleanup_ifapi_keystore(
    IFAPI_KEYSTORE *keystore);

/** Release the members of @p object according to its objectType. */
void
ifapi_cleanup_ifapi_object(
    IFAPI_OBJECT *object);

#endif /* IFAPI_KEYSTORE_H */