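/* SPDX-License-Identifier: BSD-2-Clause */
/*******************************************************************************
 * Copyright 2018-2019, Fraunhofer SIT sponsored by Infineon Technologies AG
 * All rights reserved.
 *******************************************************************************/
#ifndef FAPI_POLICY_CALLBACKS_H
#define FAPI_POLICY_CALLBACKS_H

/* The prototypes below use size_t and uint8_t; pull in their standard
 * definitions so the header does not depend on include order in the
 * translation unit. The TSS2/ESYS/IFAPI types (TSS2_RC, ESYS_TR, TPM2B_*,
 * IFAPI_OBJECT, IFAPI_NV_Cmds, TPMS_POLICY, ...) are expected to be provided
 * by the including file, as in the original header. */
#include <stddef.h>
#include <stdint.h>

/**
 * States of the policy-execution callback state machine.
 *
 * The state names describe the step the callback is currently performing
 * (loading a key, searching a policy, reading an NV index, ...). The exact
 * transitions are implemented in the callback source, not visible here.
 */
enum IFAPI_STATE_POL_CB_EXCECUTE {
    POL_CB_EXECUTE_INIT = 0,   /**< Initial state of every callback */
    POL_CB_LOAD_KEY,           /**< A key is being loaded */
    POL_CB_SEARCH_POLICY,      /**< A policy is being searched for */
    POL_CB_EXECUTE_SUB_POLICY, /**< A nested policy is being executed */
    POL_CB_NV_READ,            /**< An NV index is being read */
    POL_CB_READ_NV_POLICY,     /**< A policy stored in NV is being read */
    POL_CB_READ_OBJECT,        /**< An object is being read from the keystore */
    POL_CB_AUTHORIZE_OBJECT    /**< An object is being authorized */
};

/**
 * Context carried through the policy execution callbacks.
 *
 * One instance is threaded through the asynchronous callback state machine;
 * the @c cb_state member records where a callback must resume. Handle and
 * object members are filled in by the individual callbacks as they progress.
 */
typedef struct {
    enum IFAPI_STATE_POL_CB_EXCECUTE cb_state;
    /**< The execution state of the current policy callback */
    char *object_path;            /**< The pathname determined by object search
                                       (presumably heap-owned by the context;
                                       confirm who frees it) */
    IFAPI_OBJECT object;          /**< Object to be authorized */
    ESYS_TR key_handle;           /**< Handle of a used key */
    ESYS_TR nv_index;             /**< Index of nv object storing a policy */
    ESYS_TR auth_index;           /**< Index of authorization object */
    IFAPI_OBJECT auth_object;     /**< FAPI auth object needed for authorization */
    IFAPI_OBJECT *key_object_ptr; /**< Points at the key object in use
                                       (ownership not visible here) */
    IFAPI_OBJECT *auth_object_ptr;/**< Points at the auth object in use
                                       (ownership not visible here) */
    IFAPI_NV_Cmds nv_cmd_state;   /**< State of the FAPI nv command sub-machine */
    IFAPI_NV_Cmds nv_cmd_state_sav; /**< backup for state of fapi nv commands */
    TPM2B_DIGEST policy_digest;   /**< Digest of the policy being evaluated
                                       (assumed; set by callback code) */
    ESYS_TR session;              /**< Policy session used for execution */
    TPMS_POLICY *policy;          /**< Policy under execution (not owned here
                                       as far as this header shows) */
} IFAPI_POLICY_EXEC_CB_CTX;

/*
 * Callback prototypes.
 *
 * All callbacks return a TSS2_RC; the opaque trailing void pointer is the
 * user/context data handed to the policy library (this header does not fix
 * its concrete type -- the implementations presumably cast it to
 * IFAPI_POLICY_EXEC_CB_CTX or an enclosing context; confirm in the .c file).
 * The signatures must stay exactly as declared: they are matched against the
 * policy library's callback function-pointer types, so adding const or
 * changing parameter types would make the pointers incompatible.
 */

/**
 * Retrieve the public area of a key identified by a FAPI path.
 *
 * @param[in]  path    Keystore path of the key.
 * @param[out] public  Receives the TPMT_PUBLIC of the key.
 * @param[in]  context Opaque callback context.
 * @retval TSS2_RC_SUCCESS or a FAPI/TSS2 error code.
 */
TSS2_RC
ifapi_get_key_public(
    const char *path,
    TPMT_PUBLIC *public,
    void *context);

/**
 * Retrieve the TPM name of an object identified by a FAPI path.
 *
 * @param[in]  path    Keystore path of the object.
 * @param[out] name    Receives the object's TPM2B_NAME.
 * @param[in]  context Opaque callback context.
 * @retval TSS2_RC_SUCCESS or a FAPI/TSS2 error code.
 */
TSS2_RC
ifapi_get_object_name(
    const char *path,
    TPM2B_NAME *name,
    void *context);

/**
 * Retrieve the public area of an NV index identified by a FAPI path.
 *
 * @param[in]  path      Keystore path of the NV index.
 * @param[out] nv_public Receives the TPM2B_NV_PUBLIC of the index.
 * @param[in]  context   Opaque callback context.
 * @retval TSS2_RC_SUCCESS or a FAPI/TSS2 error code.
 */
TSS2_RC
ifapi_get_nv_public(
    const char *path,
    TPM2B_NV_PUBLIC *nv_public,
    void *context);

/**
 * Read the PCR values selected for a policy.
 *
 * @param[in]  pcr_select    PCR selection in the policy's own format.
 * @param[in]  pcr_selection PCR selection in TPM format.
 * @param[out] pcr_values    Receives the read PCR values. The double pointer
 *                           suggests the callee allocates the list; the
 *                           caller is then presumably responsible for freeing
 *                           it -- confirm against the implementation.
 * @param[in]  ctx           Opaque callback context.
 * @retval TSS2_RC_SUCCESS or a FAPI/TSS2 error code.
 */
TSS2_RC
ifapi_read_pcr(
    TPMS_PCR_SELECT *pcr_select,
    TPML_PCR_SELECTION *pcr_selection,
    TPML_PCRVALUES **pcr_values,
    void *ctx);

/**
 * Provide the handles needed to authorize an object during policy evaluation.
 *
 * @param[in]  name          TPM name of the object to authorize.
 * @param[out] object_handle Receives the ESYS handle of the object.
 * @param[out] auth_handle   Receives the ESYS handle used for authorization.
 * @param[out] authSession   Receives the session used for authorization.
 * @param[in]  userdata      Opaque callback context.
 * @retval TSS2_RC_SUCCESS or a FAPI/TSS2 error code.
 */
TSS2_RC
ifapi_policyeval_cbauth(
    TPM2B_NAME *name,
    ESYS_TR *object_handle,
    ESYS_TR *auth_handle,
    ESYS_TR *authSession,
    void *userdata);

/**
 * Select which branch of a PolicyOR is to be executed.
 *
 * @param[in]  branches   The candidate policy branches.
 * @param[out] branch_idx Receives the index of the chosen branch. The
 *                        implementation must keep this below
 *                        branches->count; the policy executor indexes the
 *                        branch list with it.
 * @param[in]  userdata   Opaque callback context.
 * @retval TSS2_RC_SUCCESS or a FAPI/TSS2 error code.
 */
TSS2_RC
ifapi_branch_selection(
    TPML_POLICYBRANCHES *branches,
    size_t *branch_idx,
    void *userdata);

/**
 * Sign a buffer with a PEM-encoded key (e.g. for PolicySigned).
 *
 * @param[in]  key_pem          PEM key used for signing. This is key material;
 *                              implementations should avoid logging it.
 * @param[in]  public_key_hint  Hint identifying the public key (semantics
 *                              defined by the implementation).
 * @param[in]  key_pem_hash_alg Hash algorithm to use with the key.
 * @param[in]  buffer           Data to be signed.
 * @param[in]  buffer_size      Size of @p buffer in bytes.
 * @param[out] signature        Receives a pointer to the signature. The
 *                              double pointer suggests callee allocation;
 *                              who frees it is not visible here -- confirm.
 * @param[out] signature_size   Receives the size of the signature in bytes.
 * @param[in]  userdata         Opaque callback context.
 * @retval TSS2_RC_SUCCESS or a FAPI/TSS2 error code.
 */
TSS2_RC
ifapi_sign_buffer(
    char *key_pem,
    char *public_key_hint,
    TPMI_ALG_HASH key_pem_hash_alg,
    uint8_t *buffer,
    size_t buffer_size,
    uint8_t **signature,
    size_t *signature_size,
    void *userdata);

/**
 * Execute an authorized policy (PolicyAuthorize) for the given key.
 *
 * @param[in]  key_public Public area of the authorizing key.
 * @param[in]  hash_alg   Hash algorithm of the policy session.
 * @param[out] digest     Policy digest involved in the authorization
 *                        (in/out direction not fixed by this header).
 * @param[out] signature  Signature over the authorized policy, as
 *                        provided/produced by the implementation.
 * @param[in]  userdata   Opaque callback context.
 * @retval TSS2_RC_SUCCESS or a FAPI/TSS2 error code.
 */
TSS2_RC
ifapi_exec_auth_policy(
    TPMT_PUBLIC *key_public,
    TPMI_ALG_HASH hash_alg,
    TPM2B_DIGEST *digest,
    TPMT_SIGNATURE *signature,
    void *userdata);

/**
 * Execute the policy stored in an NV index (PolicyAuthorizeNV).
 *
 * @param[in] nv_public Public area of the NV index holding the policy.
 * @param[in] hash_alg  Hash algorithm of the policy session.
 * @param[in] userdata  Opaque callback context.
 * @retval TSS2_RC_SUCCESS or a FAPI/TSS2 error code.
 */
TSS2_RC
ifapi_exec_auth_nv_policy(
    TPM2B_NV_PUBLIC *nv_public,
    TPMI_ALG_HASH hash_alg,
    void *userdata);

/**
 * Provide the name of the object for a PolicyDuplicationSelect computation.
 *
 * @param[out] name     Receives the TPM name (assumed output; confirm).
 * @param[in]  userdata Opaque callback context.
 * @retval TSS2_RC_SUCCESS or a FAPI/TSS2 error code.
 */
TSS2_RC
ifapi_get_duplicate_name(
    TPM2B_NAME *name,
    void *userdata);

/**
 * Execute a named policy action.
 *
 * @param[in] action   Action identifier string. It presumably originates from
 *                     the policy definition; implementations should treat it
 *                     as untrusted and match it against a fixed set rather
 *                     than interpret it freely.
 * @param[in] userdata Opaque callback context.
 * @retval TSS2_RC_SUCCESS or a FAPI/TSS2 error code.
 */
TSS2_RC
ifapi_policy_action(
    const char *action,
    void *userdata);

#endif /* FAPI_POLICY_CALLBACKS_H */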