10#include "ifapi_policy_types.h"
11#include "ifapi_policy_instantiate.h"
12#include "ifapi_eventlog.h"
14#include "ifapi_profiles.h"
15#include "ifapi_macros.h"
16#include "ifapi_keystore.h"
17#include "ifapi_policy_store.h"
18#include "ifapi_config.h"
31#include <json-c/json.h>
37#define DEFAULT_LOG_DIR "/run/tpm2_tss"
38#define IFAPI_PCR_LOG_FILE "pcr.log"
39#define IFAPI_OBJECT_TYPE ".json"
40#define IFAPI_OBJECT_FILE "object.json"
41#define IFAPI_SRK_KEY_PATH "/HS/SRK"
42#define IFAPI_EK_KEY_PATH "/HE/EK"
43#define IFAPI_HS_PATH "/HS"
44#define IFAPI_HE_PATH "/HE"
45#define IFAPI_HN_PATH "/HN"
46#define IFAPI_LOCKOUT_PATH "/LOCKOUT"
47#define IFAPI_SRK_OBJECT_PATH "/HS/SRK/object.json"
48#define IFAPI_HS_OBJECT_PATH "/HS/object.json"
50typedef UINT32 TSS2_KEY_TYPE;
53#define MIN_EK_CERT_HANDLE 0x1c00000
54#define MIN_PLATFORM_CERT_HANDLE 0x01C08000
55#define MAX_PLATFORM_CERT_HANDLE 0x01C0FFFF
57typedef UINT8 IFAPI_SESSION_TYPE;
58#define IFAPI_SESSION_GENEK 0x01
59#define IFAPI_SESSION1 0x02
60#define IFAPI_SESSION2 0x04
62#define IFAPI_POLICY_PATH "policy"
63#define IFAPI_NV_PATH "nv"
64#define IFAPI_EXT_PATH "ext"
65#define IFAPI_FILE_DELIM "/"
66#define IFAPI_LIST_DELIM ":"
67#define IFAPI_FILE_DELIM_CHAR '/'
68#define IFAPI_PUB_KEY_DIR "ext"
69#define IFAPI_POLICY_DIR "policy"
70#define IFAPI_PEM_PUBLIC_STRING "-----BEGIN PUBLIC KEY-----"
71#define IFAPI_PEM_PRIVATE_KEY "-----PRIVATE KEY-----"
72#define IFAPI_JSON_TAG_POLICY "policy"
73#define IFAPI_JSON_TAG_OBJECT_TYPE "objectType"
74#define IFAPI_JSON_TAG_DUPLICATE "public_parent"
76#define FAPI_WRITE W_OK
79#if TPM2_MAX_NV_BUFFER_SIZE > TPM2_MAX_DIGEST_BUFFER
80#define IFAPI_MAX_BUFFER_SIZE TPM2_MAX_NV_BUFFER_SIZE
82#define IFAPI_MAX_BUFFER_SIZE TPM2_MAX_DIGEST_BUFFER
85#define IFAPI_FLUSH_PARENT true
86#define IFAPI_NOT_FLUSH_PARENT false
91 BYTE buffer[IFAPI_MAX_BUFFER_SIZE];
94#define OSSL_FREE(S,TYPE) if((S) != NULL) {TYPE##_free((void*) (S)); (S)=NULL;}
97#define FAPI_COPY_DIGEST(dest_buffer, dest_size, src, src_size) \
98 if (src_size > sizeof(TPMU_HA)) { \
99 return_error(TSS2_FAPI_RC_BAD_VALUE, "Digest size too large."); \
101 memcpy(dest_buffer, (src), (src_size)); \
104#define HASH_UPDATE(CONTEXT, TYPE, OBJECT, R, LABEL) \
106 uint8_t buffer[sizeof(TYPE)]; \
108 R = Tss2_MU_ ## TYPE ## _Marshal(OBJECT, \
109 &buffer[0], sizeof(TYPE), &offset); \
110 goto_if_error(R, "Marshal for hash update", LABEL); \
111 R = ifapi_crypto_hash_update(CONTEXT, \
112 (const uint8_t *) &buffer[0], \
114 goto_if_error(R, "crypto hash update", LABEL); }
116#define HASH_UPDATE_BUFFER(CONTEXT, BUFFER, SIZE, R, LABEL) \
117 R = ifapi_crypto_hash_update(CONTEXT, \
118 (const uint8_t *) BUFFER, SIZE) ; \
119 goto_if_error(R, "crypto hash update", LABEL);
121#define FAPI_SYNC(r,msg,label, ...) \
122 if (base_rc(r) == TSS2_BASE_RC_TRY_AGAIN) \
123 return TSS2_FAPI_RC_TRY_AGAIN; \
124 if (r != TSS2_RC_SUCCESS) { \
125 LOG_ERROR(TPM2_ERROR_FORMAT " " msg, TPM2_ERROR_TEXT(r), ## __VA_ARGS__); \
130enum IFAPI_GET_CERT_STATE {
132 GET_CERT_WAIT_FOR_GET_CAP,
133 GET_CERT_GET_CERT_NV,
134 GET_CERT_GET_CERT_NV_FINISH,
135 GET_CERT_GET_CERT_READ_PUBLIC,
136 GET_CERT_GET_CERT_READ_HIERARCHY,
141enum IFAPI_CLEANUP_STATE {
149enum IFAPI_READ_NV_PUBLIC_STATE {
150 READ_NV_PUBLIC_INIT = 0,
151 READ_NV_PUBLIC_GET_ESYS_TR,
152 READ_NV_PUBLIC_GET_PUBLIC
155#define IFAPI_MAX_CAP_INFO 17
159 TPMS_CAPABILITY_DATA *capability;
185 TPMS_NV_PUBLIC
public;
197enum _FAPI_STATE_NV_READ {
205enum _FAPI_STATE_NV_WRITE {
208 NV2_WRITE_WAIT_FOR_SESSSION,
209 NV2_WRITE_NULL_AUTH_SENT,
211 NV2_WRITE_WRITE_PREPARE,
222 TPM2B_NV_PUBLIC
public;
254 TPMS_CAPABILITY_DATA *capability;
273 TPML_DIGEST *pcrValues;
274 TPM2_HANDLE pcrIndex;
275 TPMI_ALG_HASH hashAlg;
279 TPMS_CAPABILITY_DATA *capabilityData;
283 uint8_t
const *eventData;
285 size_t eventDataSize;
286 uint32_t
const *hashAlgs;
289 char const *quoteInfo;
290 TPM2B_ATTEST *tpm_quoted;
291 TPMT_SIGNATURE *tpm_signature;
293 size_t signatureSize;
297 json_object *event_list;
301 char *event_log_file;
336enum IFAPI_KEY_CREATE_STATE {
338 KEY_CREATE_WAIT_FOR_SESSION,
339 KEY_CREATE_WAIT_FOR_PARENT,
340 KEY_CREATE_AUTH_SENT,
341 KEY_CREATE_WAIT_FOR_LOAD_AUTHORIZATION,
342 KEY_CREATE_WAIT_FOR_KEY,
343 KEY_CREATE_WAIT_FOR_HIERARCHY,
344 KEY_CREATE_AUTHORIZE_HIERARCHY,
345 KEY_CREATE_WAIT_FOR_EVICT_CONTROL,
346 KEY_CREATE_WRITE_PREPARE,
350 KEY_CREATE_CALCULATE_POLICY,
351 KEY_CREATE_PRIMARY_CALCULATE_POLICY,
352 KEY_CREATE_WAIT_FOR_AUTHORIZATION,
354 KEY_CREATE_WAIT_FOR_RANDOM,
355 KEY_CREATE_PRIMARY_INIT,
356 KEY_CREATE_PRIMARY_WAIT_FOR_SESSION,
357 KEY_CREATE_PRIMARY_WAIT_FOR_HIERARCHY,
358 KEY_CREATE_PRIMARY_WAIT_FOR_AUTHORIZE1,
359 KEY_CREATE_PRIMARY_WAIT_FOR_AUTHORIZE2,
360 KEY_CREATE_PRIMARY_WAIT_FOR_PRIMARY,
361 KEY_CREATE_PRIMARY_WAIT_FOR_EVICT_CONTROL,
362 KEY_CREATE_PRIMARY_FLUSH,
363 KEY_CREATE_PRIMARY_WRITE_PREPARE,
364 KEY_CREATE_PRIMARY_WRITE,
365 KEY_CREATE_PRIMARY_CLEANUP
371 enum IFAPI_KEY_CREATE_STATE state;
379 TPM2B_SENSITIVE_CREATE inSensitive;
380 TPM2B_DATA outsideInfo;
381 TPML_PCR_SELECTION creationPCR;
383 const char *authValue;
384 const char *policyPath;
394 uint8_t
const *in_data;
401 TPMT_RSA_DECRYPT rsa_scheme;
407 size_t plainTextSize;
409 size_t cipherTextSize;
413enum FAPI_SIGN_STATE {
415 SIGN_WAIT_FOR_SESSION,
436 size_t signatureSize;
445 TPM2B_SENSITIVE_DATA *unseal_data;
456 UINT32 property_count;
461enum IFAPI_HIERACHY_AUTHORIZATION_STATE {
462 HIERARCHY_CHANGE_AUTH_INIT = 0,
463 HIERARCHY_CHANGE_AUTH_NULL_AUTH_SENT,
464 HIERARCHY_CHANGE_AUTH_AUTH_SENT
468enum IFAPI_HIERACHY_POLICY_AUTHORIZATION_STATE {
469 HIERARCHY_CHANGE_POLICY_INIT = 0,
470 HIERARCHY_CHANGE_POLICY_NULL_AUTH_SENT,
471 HIERARCHY_CHANGE_POLICY_AUTHORIZE,
472 HIERARCHY_CHANGE_POLICY_AUTH_SENT
498 TPM2B_DIGEST policyRef;
528 TPM2B_SENSITIVE_CREATE inSensitive;
529 TPM2B_DATA outsideInfo;
530 TPML_PCR_SELECTION creationPCR;
532 const char *authValueLockout;
533 const char *authValueEh;
534 const char *policyPathEh;
535 const char *authValueSh;
536 const char *policyPathSh;
539 TPM2_HANDLE cert_nv_idx;
540 TPM2B_NV_PUBLIC *nvPublic;
543 TPM2_ALG_ID cert_key_type;
546 TPMS_CAPABILITY_DATA *capabilityData;
548 TPM2B_AUTH hierarchy_auth;
549 TPM2B_DIGEST policy_digest;
552 TPMA_PERMANENT auth_state;
566 TPM2B_SENSITIVE_CREATE inSensitive;
567 TPM2B_DATA outsideInfo;
568 TPML_PCR_SELECTION creationPCR;
570 TPMI_DH_PERSISTENT persistent_handle;
571 TPMS_CAPABILITY_DATA *capabilityData;
578 uint8_t
const *signature;
579 size_t signatureSize;
580 uint8_t
const *digest;
586enum IFAPI_STATE_POLICY {
590 POLICY_INSTANTIATE_PREPARE,
592 POLICY_EXECUTE_PREPARE,
601enum FAPI_CREATE_SESSION_STATE {
602 CREATE_SESSION_INIT = 0,
604 WAIT_FOR_CREATE_SESSION
610 enum IFAPI_STATE_POLICY state;
615 TPMI_ALG_HASH hash_alg;
626 enum FAPI_CREATE_SESSION_STATE create_session_state;
632enum IFAPI_STATE_FILE_SEARCH {
641 enum IFAPI_STATE_FILE_SEARCH state;
649enum _FAPI_STATE_PREPARE_LOAD_KEY {
650 PREPARE_LOAD_KEY_INIT = 0,
651 PREPARE_LOAD_KEY_WAIT_FOR_SESSION,
652 PREPARE_LOAD_KEY_INIT_KEY,
653 PREPARE_LOAD_KEY_WAIT_FOR_KEY
657enum _FAPI_STATE_LOAD_KEY {
658 LOAD_KEY_GET_PATH = 0,
660 LOAD_KEY_WAIT_FOR_PRIMARY,
699 TPM2B_NAME parent_name;
704 TPM2B_PRIVATE *
private;
714 enum _FAPI_STATE_PREPARE_LOAD_KEY prepare_state;
721 bool parent_handle_persistent;
794enum _FAPI_STATE_PRIMARY {
797 PRIMARY_READ_HIERARCHY,
798 PRIMARY_READ_HIERARCHY_FINISH,
799 PRIMARY_AUTHORIZE_HIERARCHY,
800 PRIMARY_GET_AUTH_VALUE,
801 PRIMARY_WAIT_FOR_PRIMARY,
804 PRIMARY_VERIFY_PERSISTENT,
809enum _FAPI_STATE_SESSION {
811 SESSION_WAIT_FOR_PRIMARY,
812 SESSION_CREATE_SESSION,
813 SESSION_WAIT_FOR_SESSION1,
814 SESSION_WAIT_FOR_SESSION2
818enum _FAPI_STATE_GET_RANDOM {
824enum _FAPI_FLUSH_STATE {
831 _FAPI_STATE_INIT = 0,
834 _FAPI_STATE_INTERNALERROR,
837 INITIALIZE_INIT_TCTI,
839 INITIALIZE_WAIT_FOR_CAP,
840 INITIALIZE_READ_PROFILE,
841 INITIALIZE_READ_PROFILE_INIT,
842 INITIALIZE_READ_TIME,
843 INITIALIZE_CHECK_NULL_PRIMARY,
844 INITIALIZE_READ_NULL_PRIMARY,
845 PROVISION_WAIT_FOR_GET_CAP_AUTH_STATE,
846 PROVISION_WAIT_FOR_GET_CAP0,
847 PROVISION_WAIT_FOR_GET_CAP1,
848 PROVISION_INIT_GET_CAP2,
849 PROVISION_WAIT_FOR_GET_CAP2,
850 PROVISION_GET_CERT_NV,
851 PROVISION_GET_CERT_NV_FINISH,
852 PROVISION_GET_CERT_READ_PUBLIC,
854 PROVISION_PREPARE_READ_ROOT_CERT,
855 PROVISION_READ_ROOT_CERT,
856 PROVISION_PREPARE_READ_INT_CERT,
857 PROVISION_READ_INT_CERT,
860 PROVISION_WAIT_FOR_EK_SESSION,
861 PROVISION_WAIT_FOR_SRK_SESSION,
862 PROVISION_AUTH_EK_NO_AUTH_SENT,
863 PROVISION_AUTH_EK_AUTH_SENT,
864 PROVISION_AUTH_SRK_NO_AUTH_SENT,
865 PROVISION_AUTH_SRK_AUTH_SENT,
866 PROVISION_CLEAN_EK_SESSION,
867 PROVISION_CLEAN_SRK_SESSION,
868 PROVISION_EK_WRITE_PREPARE,
870 PROVISION_EK_CHECK_CERT,
871 PROVISION_SRK_WRITE_PREPARE,
873 PROVISION_WAIT_FOR_EK_PERSISTENT,
874 PROVISION_WAIT_FOR_SRK_PERSISTENT,
875 PROVISION_CHANGE_LOCKOUT_AUTH,
876 PROVISION_CHANGE_EH_CHECK,
877 PROVISION_CHANGE_EH_AUTH,
878 PROVISION_CHANGE_SH_CHECK,
879 PROVISION_CHANGE_SH_AUTH,
880 PROVISION_EH_CHANGE_POLICY,
881 PROVISION_SH_CHANGE_POLICY,
882 PROVISION_LOCKOUT_CHANGE_POLICY,
886 PROVISION_PREPARE_NULL,
887 PROVISION_WRITE_NULL,
888 PROVISION_WRITE_LOCKOUT,
889 PROVISION_WRITE_LOCKOUT_PARAM,
890 PROVISION_PREPARE_LOCKOUT_PARAM,
891 PROVISION_AUTHORIZE_LOCKOUT,
894 PROVISION_CHECK_FOR_VENDOR_CERT,
895 PROVISION_GET_VENDOR,
896 PROVISION_GET_HIERARCHIES,
897 PROVISION_READ_HIERARCHIES,
898 PROVISION_READ_HIERARCHY,
899 PROVISION_WRITE_HIERARCHIES,
900 PROVISION_WRITE_HIERARCHY,
901 PROVISION_PREPARE_GET_CAP_AUTH_STATE,
902 PROVISION_SRK_GET_PERSISTENT_NAME,
903 PROVISION_CHECK_SRK_EVICT_CONTROL,
904 PROVISION_AUTHORIZE_HS_FOR_EK_EVICT,
905 PROVISION_PREPARE_EK_EVICT,
912 KEY_SET_CERTIFICATE_READ,
913 KEY_SET_CERTIFICATE_WRITE,
915 KEY_GET_CERTIFICATE_READ,
917 GET_RANDOM_WAIT_FOR_SESSION,
918 GET_RANDOM_WAIT_FOR_RANDOM,
921 NV_CREATE_READ_PROFILE,
922 NV_CREATE_READ_HIERARCHY,
923 NV_CREATE_AUTHORIZE_HIERARCHY,
925 NV_CREATE_FIND_INDEX,
926 NV_CREATE_WAIT_FOR_SESSION,
930 NV_CREATE_CALCULATE_POLICY,
937 NV_EXTEND_WAIT_FOR_SESSION,
944 NV_INCREMENT_WAIT_FOR_SESSION,
945 NV_INCREMENT_AUTHORIZE,
946 NV_INCREMENT_AUTH_SENT,
948 NV_INCREMENT_CLEANUP,
951 NV_SET_BITS_WAIT_FOR_SESSION,
952 NV_SET_BITS_AUTHORIZE,
953 NV_SET_BITS_AUTH_SENT,
959 NV_READ_WAIT_FOR_SESSION,
962 ENTITY_DELETE_GET_FILE,
964 ENTITY_DELETE_WAIT_FOR_SESSION,
965 ENTITY_DELETE_NULL_AUTH_SENT_FOR_KEY,
966 ENTITY_DELETE_AUTH_SENT_FOR_KEY,
967 ENTITY_DELETE_NULL_AUTH_SENT_FOR_NV,
968 ENTITY_DELETE_AUTH_SENT_FOR_NV,
970 ENTITY_DELETE_KEY_WAIT_FOR_HIERARCHY,
971 ENTITY_DELETE_KEY_WAIT_FOR_AUTHORIZATION,
972 ENTITY_DELETE_AUTHORIZE_NV,
974 ENTITY_DELETE_POLICY,
975 ENTITY_DELETE_REMOVE_DIRS,
976 ENTITY_DELETE_CLEANUP,
977 ENTITY_DELETE_READ_HIERARCHY,
979 GET_ESYS_BLOB_GET_FILE,
981 GET_ESYS_BLOB_NULL_AUTH_SENT_FOR_KEY,
982 GET_ESYS_BLOB_AUTH_SENT_FOR_KEY,
983 GET_ESYS_BLOB_NULL_AUTH_SENT_FOR_NV,
984 GET_ESYS_BLOB_AUTH_SENT_FOR_NV,
986 GET_ESYS_BLOB_WAIT_FOR_KEY,
987 GET_ESYS_BLOB_WAIT_FOR_CONTEXT_SAVE,
988 GET_ESYS_BLOB_SERIALIZE,
990 GET_ESYS_BLOB_WAIT_FOR_FLUSH,
991 GET_ESYS_BLOB_CLEANUP,
993 ENTITY_GET_TPM_BLOBS_READ,
995 KEY_SIGN_WAIT_FOR_KEY,
996 KEY_SIGN_WAIT_FOR_SIGN,
999 ENTITY_CHANGE_AUTH_WAIT_FOR_SESSION,
1000 ENTITY_CHANGE_AUTH_WAIT_FOR_KEY,
1001 ENTITY_CHANGE_AUTH_AUTH_SENT,
1002 ENTITY_CHANGE_AUTH_WAIT_FOR_FLUSH,
1003 ENTITY_CHANGE_AUTH_WRITE_PREPARE,
1004 ENTITY_CHANGE_AUTH_WRITE,
1005 ENTITY_CHANGE_AUTH_WAIT_FOR_KEY_AUTH,
1006 ENTITY_CHANGE_AUTH_WAIT_FOR_NV_READ,
1007 ENTITY_CHANGE_AUTH_WAIT_FOR_NV_AUTH,
1008 ENTITY_CHANGE_AUTH_WAIT_FOR_NV_CHANGE_AUTH,
1009 ENTITY_CHANGE_AUTH_HIERARCHY_CHANGE_AUTH,
1010 ENTITY_CHANGE_AUTH_HIERARCHY_READ,
1011 ENTITY_CHANGE_AUTH_HIERARCHY_AUTHORIZE,
1012 ENTITY_CHANGE_AUTH_SAVE_HIERARCHIES_PREPARE,
1013 ENTITY_CHANGE_AUTH_SAVE_HIERARCHIES_FINISH,
1014 ENTITY_CHANGE_AUTH_CLEANUP,
1016 DATA_ENCRYPT_WAIT_FOR_PROFILE,
1017 DATA_ENCRYPT_WAIT_FOR_SESSION,
1018 DATA_ENCRYPT_WAIT_FOR_KEY,
1019 DATA_ENCRYPT_WAIT_FOR_FLUSH,
1020 DATA_ENCRYPT_WAIT_FOR_RSA_ENCRYPTION,
1023 DATA_DECRYPT_WAIT_FOR_PROFILE,
1024 DATA_DECRYPT_WAIT_FOR_SESSION,
1025 DATA_DECRYPT_WAIT_FOR_KEY,
1026 DATA_DECRYPT_WAIT_FOR_FLUSH,
1027 DATA_DECRYPT_WAIT_FOR_RSA_DECRYPTION,
1028 DATA_DECRYPT_AUTHORIZE_KEY,
1029 DATA_DECRYPT_CLEANUP,
1031 PCR_EXTEND_WAIT_FOR_SESSION,
1032 PCR_EXTEND_WAIT_FOR_GET_CAP,
1033 PCR_EXTEND_READ_EVENT_LOG,
1034 PCR_EXTEND_APPEND_EVENT_LOG,
1039 PCR_READ_READ_EVENT_LIST,
1041 PCR_QUOTE_WAIT_FOR_GET_CAP,
1042 PCR_QUOTE_WAIT_FOR_SESSION,
1043 PCR_QUOTE_WAIT_FOR_KEY,
1044 PCR_QUOTE_AUTH_SENT,
1045 PCR_QUOTE_AUTHORIZE,
1046 PCR_QUOTE_WAIT_FOR_FLUSH,
1047 PCR_QUOTE_READ_EVENT_LIST,
1050 PATH_SET_DESCRIPTION_READ,
1051 PATH_SET_DESCRIPTION_WRITE,
1053 PATH_GET_DESCRIPTION_READ,
1058 AUTHORIZE_NEW_CALCULATE_POLICY,
1059 AUTHORIZE_NEW_LOAD_KEY,
1060 AUTHORIZE_NEW_KEY_SIGN_POLICY,
1061 AUTHORIZE_NEW_WRITE_POLICY_PREPARE,
1062 AUTHORIZE_NEW_WRITE_POLICY,
1063 AUTHORIZE_NEW_CLEANUP,
1065 WRITE_AUTHORIZE_NV_READ_NV,
1066 WRITE_AUTHORIZE_NV_CALCULATE_POLICY,
1067 WRITE_AUTHORIZE_NV_WRITE_NV_RAM_PREPARE,
1068 WRITE_AUTHORIZE_NV_WRITE_NV_RAM,
1069 WRITE_AUTHORIZE_NV_WRITE_OBJCECT,
1070 WRITE_AUTHORIZE_NV_WRITE_POLICY_PREPARE,
1071 WRITE_AUTHORIZE_NV_WRITE_POLICY,
1072 WRITE_AUTHORIZE_NV_CLEANUP,
1074 EXPORT_KEY_READ_PUB_KEY,
1075 EXPORT_KEY_READ_PUB_KEY_PARENT,
1076 EXPORT_KEY_WAIT_FOR_KEY,
1077 EXPORT_KEY_WAIT_FOR_DUPLICATE,
1078 EXPORT_KEY_WAIT_FOR_EXT_KEY,
1079 EXPORT_KEY_WAIT_FOR_AUTHORIZATON,
1080 EXPORT_KEY_WAIT_FOR_FLUSH1,
1081 EXPORT_KEY_WAIT_FOR_FLUSH2,
1084 IMPORT_KEY_WRITE_POLICY,
1087 IMPORT_KEY_LOAD_PARENT,
1088 IMPORT_KEY_AUTHORIZE_PARENT,
1090 IMPORT_KEY_WAIT_FOR_FLUSH,
1091 IMPORT_KEY_WRITE_OBJECT_PREPARE,
1092 IMPORT_KEY_WRITE_OBJECT,
1094 IMPORT_WAIT_FOR_SESSION,
1095 IMPORT_WAIT_FOR_PARENT,
1096 IMPORT_WAIT_FOR_AUTHORIZATION,
1097 IMPORT_WAIT_FOR_KEY,
1099 IMPORT_FLUSH_PARENT,
1103 UNSEAL_WAIT_FOR_KEY,
1104 UNSEAL_AUTHORIZE_OBJECT,
1105 UNSEAL_WAIT_FOR_UNSEAL,
1106 UNSEAL_WAIT_FOR_FLUSH,
1109 GET_PLATFORM_CERTIFICATE,
1111 POLICY_EXPORT_READ_OBJECT,
1112 POLICY_EXPORT_READ_OBJECT_FINISH,
1113 POLICY_EXPORT_READ_POLICY,
1114 POLICY_EXPORT_READ_POLICY_FINISH,
1115 POLICY_EXPORT_CHECK_DIGEST,
1116 POLICY_EXPORT_COMPUTE_POLICY_DIGEST,
1121 GET_INFO_GET_CAP_MORE,
1122 GET_INFO_WAIT_FOR_CAP
1134 Fapi_CB_Branch branch;
1138 Fapi_CB_PolicyAction action;
1163 enum IFAPI_HIERACHY_AUTHORIZATION_STATE hierarchy_state;
1164 enum IFAPI_HIERACHY_POLICY_AUTHORIZATION_STATE hierarchy_policy_state;
1165 enum IFAPI_GET_CERT_STATE get_cert_state;
1168 enum IFAPI_READ_NV_PUBLIC_STATE read_nv_public_state;
1182 TPMI_DH_PERSISTENT ek_persistent;
1183 TPMI_DH_PERSISTENT srk_persistent;
1184 IFAPI_SESSION_TYPE session_flags;
1185 TPMA_SESSION session1_attribute_flags;
1186 TPMA_SESSION session2_attribute_flags;
1191 enum IFAPI_IO_STATE io_state;
1197#define VENDOR_IFX 0x49465800
1198#define VENDOR_INTC 0x494E5443
1199#define VEDNOR_IBM 0x49424D20
uint32_t ESYS_TR
Definition: tss2_esys.h:16
Definition: esys_int.h:160
Definition: ifapi_keystore.h:145
Definition: fapi_int.h:1148
IFAPI_Key_Sign Key_Sign
Definition: fapi_int.h:1190
UINT32 nv_buffer_max
Definition: fapi_int.h:1170
ESYS_TR session2
Definition: fapi_int.h:1178
IFAPI_MAX_BUFFER aux_data
Definition: fapi_int.h:1187
enum _FAPI_FLUSH_STATE flush_object_state
Definition: fapi_int.h:1166
enum _FAPI_STATE_PRIMARY primary_state
Definition: fapi_int.h:1160
IFAPI_CMD_STATE cmd
Definition: fapi_int.h:1171
IFAPI_FILE_SEARCH_CTX fsearch
Definition: fapi_int.h:1189
IFAPI_OBJECT * duplicate_key
Definition: fapi_int.h:1193
struct IFAPI_CALLBACKS callbacks
Definition: fapi_int.h:1151
enum _FAPI_STATE state
Definition: fapi_int.h:1159
ESYS_CONTEXT * esys
Definition: fapi_int.h:1149
IFAPI_CONFIG config
Definition: fapi_int.h:1169
ESYS_TR session1
Definition: fapi_int.h:1177
enum IFAPI_CLEANUP_STATE cleanup_state
Definition: fapi_int.h:1167
TPMS_TIME_INFO init_time
Definition: fapi_int.h:1157
ESYS_TR policy_session
Definition: fapi_int.h:1179
enum _FAPI_STATE_SESSION session_state
Definition: fapi_int.h:1161
IFAPI_POLICY_CTX policy
Definition: fapi_int.h:1188
enum _FAPI_STATE_GET_RANDOM get_random_state
Definition: fapi_int.h:1162
Definition: fapi_int.h:190
TPMT_SIG_SCHEME sig_scheme
Definition: fapi_int.h:191
TPMS_ATTEST attest
Definition: fapi_int.h:192
Definition: fapi_int.h:1131
Definition: fapi_int.h:157
Definition: ifapi_config.h:20
Definition: fapi_int.h:562
IFAPI_OBJECT hierarchy
Definition: fapi_int.h:564
char * path
Definition: fapi_int.h:563
Definition: fapi_int.h:392
IFAPI_OBJECT * key_object
Definition: fapi_int.h:396
char const * keyPath
Definition: fapi_int.h:393
UINT16 bytesRequested
Definition: fapi_int.h:400
size_t decrypt
Definition: fapi_int.h:399
ESYS_TR key_handle
Definition: fapi_int.h:397
size_t numBytes
Definition: fapi_int.h:398
Definition: ifapi_eventlog.h:43
Definition: ifapi_eventlog.h:58
Definition: fapi_int.h:762
const char * searchPath
Definition: fapi_int.h:763
Definition: fapi_int.h:477
IFAPI_OBJECT * key_object
Definition: fapi_int.h:480
char ** pathlist
Definition: fapi_int.h:488
IFAPI_OBJECT hiearchy_object
Definition: fapi_int.h:485
size_t numPathsCleanup
Definition: fapi_int.h:490
size_t numPaths
Definition: fapi_int.h:489
const char * authValue
Definition: fapi_int.h:481
TPM2B_PRIVATE * newPrivate
Definition: fapi_int.h:483
ESYS_TR hierarchy_handle
Definition: fapi_int.h:487
IFAPI_OBJECT object
Definition: fapi_int.h:484
ESYS_TR nv_index
Definition: fapi_int.h:486
ESYS_TR handle
Definition: fapi_int.h:479
TPM2B_AUTH newAuthValue
Definition: fapi_int.h:482
const char * entityPath
Definition: fapi_int.h:478
Definition: fapi_int.h:729
char ** pathlist
Definition: fapi_int.h:738
TPM2_HANDLE permanentHandle
Definition: fapi_int.h:733
size_t numPaths
Definition: fapi_int.h:739
char * path
Definition: fapi_int.h:736
bool is_key
Definition: fapi_int.h:730
IFAPI_OBJECT object
Definition: fapi_int.h:737
bool is_persistent_key
Definition: fapi_int.h:731
IFAPI_OBJECT auth_object
Definition: fapi_int.h:734
size_t path_idx
Definition: fapi_int.h:740
ESYS_TR auth_index
Definition: fapi_int.h:735
Definition: fapi_int.h:668
IFAPI_OBJECT * key_object
Definition: fapi_int.h:672
IFAPI_OBJECT dup_key
Definition: fapi_int.h:675
char const * pathToPublicKeyOfNewParent
Definition: fapi_int.h:670
IFAPI_OBJECT pub_key
Definition: fapi_int.h:674
TPM2B_PUBLIC public_parent
Definition: fapi_int.h:671
IFAPI_OBJECT export_tree
Definition: fapi_int.h:673
char const * pathOfKeyToDuplicate
Definition: fapi_int.h:669
Definition: fapi_int.h:683
size_t profile_idx
Definition: fapi_int.h:689
TPMS_POLICY policy
Definition: fapi_int.h:687
TPMI_ALG_HASH hashAlg
Definition: fapi_int.h:688
IFAPI_OBJECT object
Definition: fapi_int.h:686
bool compute_policy
Definition: fapi_int.h:690
char const * path
Definition: fapi_int.h:684
Definition: fapi_int.h:640
char ** pathlist
Definition: fapi_int.h:642
size_t numPaths
Definition: fapi_int.h:644
size_t path_idx
Definition: fapi_int.h:643
Definition: fapi_int.h:495
const char * signingKeyPath
Definition: fapi_int.h:497
const char * policyPath
Definition: fapi_int.h:496
Definition: fapi_int.h:745
IFAPI_OBJECT * key_object
Definition: fapi_int.h:757
TPM2_HANDLE permanentHandle
Definition: fapi_int.h:752
uint8_t type
Definition: fapi_int.h:746
char * path
Definition: fapi_int.h:755
bool is_key
Definition: fapi_int.h:749
IFAPI_OBJECT object
Definition: fapi_int.h:756
bool is_persistent_key
Definition: fapi_int.h:750
IFAPI_OBJECT auth_object
Definition: fapi_int.h:753
uint8_t * data
Definition: fapi_int.h:747
size_t length
Definition: fapi_int.h:748
ESYS_TR auth_index
Definition: fapi_int.h:754
Definition: fapi_int.h:451
TPMS_CAPABILITY_DATA * fetched_data
Definition: fapi_int.h:453
TPMS_CAPABILITY_DATA * capability_data
Definition: fapi_int.h:452
Definition: fapi_int.h:317
UINT16 bytesRequested
Definition: fapi_int.h:320
size_t idx
Definition: fapi_int.h:319
uint8_t * ret_data
Definition: fapi_int.h:322
size_t numBytes
Definition: fapi_int.h:318
uint8_t * data
Definition: fapi_int.h:321
Definition: fapi_int.h:162
IFAPI_CONFIG fapi_config
Definition: fapi_int.h:164
char * fapi_version
Definition: fapi_int.h:163
Definition: fapi_int.h:253
char ** pathlist
Definition: fapi_int.h:255
IFAPI_OBJECT * null_primaries
Definition: fapi_int.h:261
size_t numPaths
Definition: fapi_int.h:256
size_t primary_idx
Definition: fapi_int.h:259
size_t path_idx
Definition: fapi_int.h:260
size_t numNullPrimaries
Definition: fapi_int.h:257
Definition: ifapi_io.h:15
Definition: fapi_int.h:697
Definition: fapi_int.h:170
TPMI_YES_NO system
Definition: fapi_int.h:171
UINT32 persistent_handle
Definition: fapi_int.h:174
TPMI_YES_NO persistent
Definition: fapi_int.h:173
Definition: ifapi_keystore.h:118
Definition: fapi_int.h:370
IFAPI_OBJECT hierarchy
Definition: fapi_int.h:378
IFAPI_OBJECT parent
Definition: fapi_int.h:374
bool gen_sensitive_random
Definition: fapi_int.h:386
IFAPI_KEY_TEMPLATE public_templ
Definition: fapi_int.h:376
NODE_STR_T * path_list
Definition: fapi_int.h:373
IFAPI_OBJECT object
Definition: fapi_int.h:375
const char * keyPath
Definition: fapi_int.h:372
Definition: fapi_int.h:327
const char * key_path
Definition: fapi_int.h:330
NODE_STR_T * path_list
Definition: fapi_int.h:331
char * pem_cert_dup
Definition: fapi_int.h:329
const char * pem_cert
Definition: fapi_int.h:328
IFAPI_OBJECT key_object
Definition: fapi_int.h:332
Definition: fapi_int.h:423
IFAPI_OBJECT * key_object
Definition: fapi_int.h:429
enum FAPI_SIGN_STATE state
Definition: fapi_int.h:424
uint8_t * ret_signature
Definition: fapi_int.h:435
TPM2B_DIGEST digest
Definition: fapi_int.h:427
TPMT_SIG_SCHEME scheme
Definition: fapi_int.h:428
char const * padding
Definition: fapi_int.h:433
TPMT_SIGNATURE * tpm_signature
Definition: fapi_int.h:430
TPMT_SIGNATURE * signature
Definition: fapi_int.h:432
char * certificate
Definition: fapi_int.h:434
ESYS_TR handle
Definition: fapi_int.h:426
char * publicKey
Definition: fapi_int.h:437
const char * keyPath
Definition: fapi_int.h:425
TPMI_YES_NO decrypt
Definition: fapi_int.h:431
Definition: fapi_int.h:576
Definition: fapi_int.h:712
NODE_STR_T * path_list
Definition: fapi_int.h:715
enum _FAPI_STATE_LOAD_KEY state
Definition: fapi_int.h:713
Definition: fapi_int.h:89
Definition: fapi_int.h:219
UINT16 bytesRequested
Definition: fapi_int.h:226
TPML_DIGEST_VALUES digests
Definition: fapi_int.h:247
ESYS_TR esys_auth_handle
Definition: fapi_int.h:223
IFAPI_EVENT pcr_event
Definition: fapi_int.h:246
bool skip_policy_computation
Definition: fapi_int.h:248
size_t data_idx
Definition: fapi_int.h:228
char * policyPath
Definition: fapi_int.h:221
const uint8_t * data
Definition: fapi_int.h:229
json_object * jso_event_log
Definition: fapi_int.h:244
ESYS_TR esys_handle
Definition: fapi_int.h:224
enum _FAPI_STATE_NV_WRITE nv_write_state
Definition: fapi_int.h:241
size_t size
Definition: fapi_int.h:231
char * nvPath
Definition: fapi_int.h:220
TPM2B_AUTH auth
Definition: fapi_int.h:234
IFAPI_NV_TEMPLATE public_templ
Definition: fapi_int.h:238
uint64_t bitmap
Definition: fapi_int.h:237
size_t numBytes
Definition: fapi_int.h:225
uint8_t * rdata
Definition: fapi_int.h:230
enum _FAPI_STATE_NV_READ nv_read_state
Definition: fapi_int.h:240
IFAPI_OBJECT auth_object
Definition: fapi_int.h:232
IFAPI_OBJECT nv_object
Definition: fapi_int.h:233
char * logData
Definition: fapi_int.h:243
TPMI_RH_NV_INDEX maxNvIndex
Definition: fapi_int.h:245
UINT16 offset
Definition: fapi_int.h:227
IFAPI_NV nv_obj
Definition: fapi_int.h:235
ESYS_TR auth_index
Definition: fapi_int.h:236
Definition: fapi_int.h:180
TPMI_YES_NO system
Definition: fapi_int.h:181
TPMI_RH_HIERARCHY hierarchy
Definition: fapi_int.h:183
char * description
Definition: fapi_int.h:184
Definition: ifapi_keystore.h:69
Definition: fapi_int.h:266
IFAPI_OBJECT * key_object
Definition: fapi_int.h:278
ESYS_TR PCR
Definition: fapi_int.h:269
TPM2B_DATA qualifyingData
Definition: fapi_int.h:282
size_t pcrListSize
Definition: fapi_int.h:281
TPML_PCR_SELECTION pcr_selection
Definition: fapi_int.h:270
TPML_DIGEST_VALUES * event_digests
Definition: fapi_int.h:268
ESYS_TR handle
Definition: fapi_int.h:277
TPML_DIGEST_VALUES digest_list
Definition: fapi_int.h:267
TPML_PCR_SELECTION * pcr_selection_out
Definition: fapi_int.h:271
const char * keyPath
Definition: fapi_int.h:276
uint32_t * pcrList
Definition: fapi_int.h:280
Definition: fapi_int.h:609
char ** pathlist
Definition: fapi_int.h:614
ESYS_TR session
Definition: fapi_int.h:624
IFAPI_POLICYUTIL_STACK * policyutil_stack
Definition: fapi_int.h:620
IFAPI_POLICY_EXEC_CTX * policy_stack
Definition: fapi_int.h:616
Definition: ifapi_policy_instantiate.h:68
Definition: ifapi_policy_execute.h:130
Definition: ifapi_policy_store.h:17
Definition: ifapi_policyutil_execute.h:26
Definition: ifapi_profiles.h:15
Definition: ifapi_profiles.h:51
Definition: fapi_int.h:306
json_object * jso
Definition: fapi_int.h:311
char * object_path
Definition: fapi_int.h:310
char * jso_string
Definition: fapi_int.h:312
IFAPI_OBJECT object
Definition: fapi_int.h:309
char * description
Definition: fapi_int.h:307
UINT8_ARY appData
Definition: fapi_int.h:308
Definition: fapi_int.h:513
char ** pathlist
Definition: fapi_int.h:522
size_t numHierarchyObjects
Definition: fapi_int.h:524
IFAPI_OBJECT hierarchy_hn
Definition: fapi_int.h:517
size_t numPaths
Definition: fapi_int.h:523
IFAPI_KEY_TEMPLATE public_templ
Definition: fapi_int.h:520
IFAPI_OBJECT hierarchy_he
Definition: fapi_int.h:516
IFAPI_OBJECT * hierarchy
Definition: fapi_int.h:518
IFAPI_OBJECT hierarchy_hs
Definition: fapi_int.h:515
IFAPI_OBJECT hierarchy_lockout
Definition: fapi_int.h:514
IFAPI_OBJECT * hierarchies
Definition: fapi_int.h:527
size_t path_idx
Definition: fapi_int.h:526
size_t hiearchy_idx
Definition: fapi_int.h:525
TPMS_POLICY * hierarchy_policy
Definition: fapi_int.h:519
Definition: fapi_int.h:442
IFAPI_OBJECT * object
Definition: fapi_int.h:444
const char * keyPath
Definition: fapi_int.h:443
Definition: fapi_int.h:504
TPMI_ALG_HASH * hash_alg
Definition: fapi_int.h:506
size_t hash_size
Definition: fapi_int.h:507
size_t digest_idx
Definition: fapi_int.h:508
const char * policyPath
Definition: fapi_int.h:505
Definition: ifapi_policy_types.h:128
Definition: ifapi_policy_types.h:291
struct TPML_POLICYELEMENTS * policy
Definition: ifapi_policy_types.h:295
Definition: fapi_types.h:15
Definition: fapi_types.h:34
Definition: fapi_types.h:24
Definition: fapi_int.h:771