1 2/* 3 * Licensed Materials - Property of IBM 4 * 5 * trousers - An open source TCG Software Stack 6 * 7 * (C) Copyright International Business Machines Corp. 2004-2007 8 * 9 */ 10 11#ifndef _OBJ_POLICY_H_ 12#define _OBJ_POLICY_H_ 13 14/* structures */ 15struct tr_policy_obj { 16 BYTE SecretLifetime; 17 TSS_BOOL SecretSet; 18 UINT32 SecretMode; 19 UINT32 SecretCounter; 20 UINT32 SecretTimeStamp; 21 UINT32 SecretSize; 22 BYTE Secret[20]; 23 UINT32 type; 24 BYTE *popupString; 25 UINT32 popupStringLength; 26 UINT32 hashMode; 27 TSS_ALGORITHM_ID hmacAlg; 28 TSS_ALGORITHM_ID xorAlg; 29 TSS_ALGORITHM_ID takeownerAlg; 30 TSS_ALGORITHM_ID changeauthAlg; 31#ifdef TSS_BUILD_SEALX 32 TSS_ALGORITHM_ID sealxAlg; 33#endif 34 PVOID hmacAppData; 35 PVOID xorAppData; 36 PVOID takeownerAppData; 37 PVOID changeauthAppData; 38#ifdef TSS_BUILD_SEALX 39 PVOID sealxAppData; 40#endif 41#ifdef TSS_BUILD_DELEGATION 42 /* The per1 and per2 are only used when creating a delegation. 43 After that, the blob or index is used to retrieve the information */ 44 UINT32 delegationPer1; 45 UINT32 delegationPer2; 46 47 UINT32 delegationType; 48 TSS_BOOL delegationIndexSet; /* Since 0 is a valid index value */ 49 UINT32 delegationIndex; 50 UINT32 delegationBlobLength; 51 BYTE *delegationBlob; 52#endif 53 TSS_RESULT (*Tspicb_CallbackHMACAuth)( 54 PVOID lpAppData, 55 TSS_HOBJECT hAuthorizedObject, 56 TSS_BOOL ReturnOrVerify, 57 UINT32 ulPendingFunction, 58 TSS_BOOL ContinueUse, 59 UINT32 ulSizeNonces, 60 BYTE *rgbNonceEven, 61 BYTE *rgbNonceOdd, 62 BYTE *rgbNonceEvenOSAP, 63 BYTE *rgbNonceOddOSAP, 64 UINT32 ulSizeDigestHmac, 65 BYTE *rgbParamDigest, 66 BYTE *rgbHmacData); 67 TSS_RESULT (*Tspicb_CallbackXorEnc)( 68 PVOID lpAppData, 69 TSS_HOBJECT hOSAPObject, 70 TSS_HOBJECT hObject, 71 TSS_FLAG PurposeSecret, 72 UINT32 ulSizeNonces, 73 BYTE *rgbNonceEven, 74 BYTE *rgbNonceOdd, 75 BYTE *rgbNonceEvenOSAP, 76 BYTE *rgbNonceOddOSAP, 77 UINT32 ulSizeEncAuth, 78 BYTE *rgbEncAuthUsage, 79 BYTE *rgbEncAuthMigration); 80 TSS_RESULT (*Tspicb_CallbackTakeOwnership)( 81 PVOID lpAppData, 82 TSS_HOBJECT hObject, 83 TSS_HKEY hObjectPubKey, 84 UINT32 ulSizeEncAuth, 85 BYTE *rgbEncAuth); 86 TSS_RESULT (*Tspicb_CallbackChangeAuthAsym)( 87 PVOID lpAppData, 88 TSS_HOBJECT hObject, 89 TSS_HKEY hObjectPubKey, 90 UINT32 ulSizeEncAuth, 91 UINT32 ulSizeAithLink, 92 BYTE *rgbEncAuth, 93 BYTE *rgbAuthLink); 94#ifdef TSS_BUILD_SEALX 95 TSS_RESULT (*Tspicb_CallbackSealxMask)( 96 PVOID lpAppData, 97 TSS_HKEY hKey, 98 TSS_HENCDATA hEncData, 99 TSS_ALGORITHM_ID algID, 100 UINT32 ulSizeNonces, 101 BYTE *rgbNonceEven, 102 BYTE *rgbNonceOdd, 103 BYTE *rgbNonceEvenOSAP, 104 BYTE *rgbNonceOddOSAP, 105 UINT32 ulDataLength, 106 BYTE *rgbDataToMask, 107 BYTE *rgbMaskedData); 108#endif 109}; 110 111/* obj_policy.c */ 112void __tspi_policy_free(void *data); 113TSS_BOOL anyPopupPolicies(TSS_HCONTEXT); 114TSS_BOOL obj_is_policy(TSS_HOBJECT); 115TSS_RESULT obj_policy_get_tsp_context(TSS_HPOLICY, TSS_HCONTEXT *); 116/* One of these 2 flags should be passed to obj_policy_get_secret so that if a popup must 117 * be executed to get the secret, we know whether or not the new dialog should be displayed, 118 * which will ask for confirmation */ 119#define TR_SECRET_CTX_NEW TRUE 120#define TR_SECRET_CTX_NOT_NEW FALSE 121TSS_RESULT obj_policy_get_secret(TSS_HPOLICY, TSS_BOOL, TCPA_SECRET *); 122TSS_RESULT obj_policy_flush_secret(TSS_HPOLICY); 123TSS_RESULT obj_policy_set_secret_object(TSS_HPOLICY, TSS_FLAG, UINT32, 124 TCPA_DIGEST *, TSS_BOOL); 125TSS_RESULT obj_policy_set_secret(TSS_HPOLICY, TSS_FLAG, UINT32, BYTE *); 126TSS_RESULT obj_policy_get_type(TSS_HPOLICY, UINT32 *); 127TSS_RESULT obj_policy_remove(TSS_HOBJECT, TSS_HCONTEXT); 128TSS_RESULT obj_policy_add(TSS_HCONTEXT, UINT32, TSS_HOBJECT *); 129TSS_RESULT obj_policy_set_type(TSS_HPOLICY, UINT32); 130TSS_RESULT obj_policy_set_cb12(TSS_HPOLICY, TSS_FLAG, BYTE *); 131TSS_RESULT obj_policy_get_cb12(TSS_HPOLICY, TSS_FLAG, UINT32 *, BYTE **); 132TSS_RESULT obj_policy_set_cb11(TSS_HPOLICY, TSS_FLAG, TSS_FLAG, UINT32); 133TSS_RESULT obj_policy_get_cb11(TSS_HPOLICY, TSS_FLAG, UINT32 *); 134TSS_RESULT obj_policy_get_lifetime(TSS_HPOLICY, UINT32 *); 135TSS_RESULT obj_policy_set_lifetime(TSS_HPOLICY, UINT32, UINT32); 136TSS_RESULT obj_policy_get_counter(TSS_HPOLICY, UINT32 *); 137TSS_RESULT obj_policy_get_string(TSS_HPOLICY, UINT32 *size, BYTE **); 138TSS_RESULT obj_policy_set_string(TSS_HPOLICY, UINT32 size, BYTE *); 139TSS_RESULT obj_policy_get_secs_until_expired(TSS_HPOLICY, UINT32 *); 140TSS_RESULT obj_policy_has_expired(TSS_HPOLICY, TSS_BOOL *); 141TSS_RESULT obj_policy_get_mode(TSS_HPOLICY, UINT32 *); 142TSS_RESULT obj_policy_dec_counter(TSS_HPOLICY); 143TSS_RESULT obj_policy_do_hmac(TSS_HPOLICY, TSS_HOBJECT, TSS_BOOL, UINT32, 144 TSS_BOOL, UINT32, BYTE *, BYTE *, BYTE *, BYTE *, 145 UINT32, BYTE *, BYTE *); 146TSS_RESULT obj_policy_do_xor(TSS_HPOLICY, TSS_HOBJECT, TSS_HOBJECT, TSS_FLAG, 147 UINT32, BYTE *, BYTE *, BYTE *, BYTE *, UINT32, BYTE *, BYTE *); 148TSS_RESULT obj_policy_do_takeowner(TSS_HPOLICY, TSS_HOBJECT, TSS_HKEY, UINT32, BYTE *); 149TSS_RESULT obj_policy_validate_auth_oiap(TSS_HPOLICY, TCPA_DIGEST *, TPM_AUTH *); 150TSS_RESULT obj_policy_get_hash_mode(TSS_HPOLICY, UINT32 *); 151TSS_RESULT obj_policy_set_hash_mode(TSS_HPOLICY, UINT32); 152TSS_RESULT obj_policy_get_xsap_params(TSS_HPOLICY, TPM_COMMAND_CODE, TPM_ENTITY_TYPE *, UINT32 *, 153 BYTE **, BYTE *, TSS_CALLBACK *, TSS_CALLBACK *, 154 TSS_CALLBACK *, UINT32 *, TSS_BOOL); 155TSS_RESULT obj_policy_is_secret_set(TSS_HPOLICY, TSS_BOOL *); 156#ifdef TSS_BUILD_DELEGATION 157TSS_RESULT obj_policy_set_delegation_type(TSS_HPOLICY, UINT32); 158TSS_RESULT obj_policy_get_delegation_type(TSS_HPOLICY, UINT32 *); 159TSS_RESULT obj_policy_set_delegation_index(TSS_HPOLICY, UINT32); 160TSS_RESULT obj_policy_get_delegation_index(TSS_HPOLICY, UINT32 *); 161TSS_RESULT obj_policy_set_delegation_per1(TSS_HPOLICY, UINT32); 162TSS_RESULT obj_policy_get_delegation_per1(TSS_HPOLICY, UINT32 *); 163TSS_RESULT obj_policy_set_delegation_per2(TSS_HPOLICY, UINT32); 164TSS_RESULT obj_policy_get_delegation_per2(TSS_HPOLICY, UINT32 *); 165TSS_RESULT obj_policy_set_delegation_blob(TSS_HPOLICY, UINT32, UINT32, BYTE *); 166TSS_RESULT obj_policy_get_delegation_blob(TSS_HPOLICY, UINT32, UINT32 *, BYTE **); 167TSS_RESULT obj_policy_get_delegation_label(TSS_HPOLICY, BYTE *); 168TSS_RESULT obj_policy_get_delegation_familyid(TSS_HPOLICY, UINT32 *); 169TSS_RESULT obj_policy_get_delegation_vercount(TSS_HPOLICY, UINT32 *); 170TSS_RESULT obj_policy_get_delegation_pcr_locality(TSS_HPOLICY, UINT32 *); 171TSS_RESULT obj_policy_get_delegation_pcr_digest(TSS_HPOLICY, UINT32 *, BYTE **); 172TSS_RESULT obj_policy_get_delegation_pcr_selection(TSS_HPOLICY, UINT32 *, BYTE **); 173TSS_RESULT obj_policy_is_delegation_index_set(TSS_HPOLICY, TSS_BOOL *); 174 175void obj_policy_clear_delegation(struct tr_policy_obj *); 176TSS_RESULT obj_policy_get_delegate_public(struct tsp_object *, TPM_DELEGATE_PUBLIC *); 177#endif 178 179#define POLICY_LIST_DECLARE struct obj_list policy_list 180#define POLICY_LIST_DECLARE_EXTERN extern struct obj_list policy_list 181#define POLICY_LIST_INIT() tspi_list_init(&policy_list) 182#define POLICY_LIST_CONNECT(a,b) obj_connectContext_list(&policy_list, a, b) 183#define POLICY_LIST_CLOSE(a) obj_list_close(&policy_list, &__tspi_policy_free, a) 184 185#endif 186