/*
* Licensed Materials - Property of IBM
*
* trousers - An open source TCG Software Stack
*
* (C) Copyright International Business Machines Corp. 2004-2007
*
*/
#ifndef _OBJ_POLICY_H_
#define _OBJ_POLICY_H_
/* structures */
/*
 * Per-policy-object state kept by the TSP.  A policy owns the cached
 * authorization secret for the objects it is assigned to, the rules for
 * how long that secret may be reused, and the application callbacks that
 * can replace the built-in HMAC / XOR / takeownership / changeauth
 * computations.
 */
struct tr_policy_obj {
	/* Secret caching policy.  SecretLifetime selects how long a cached
	 * secret stays usable (presumably one of the TSS_SECRET_LIFETIME_*
	 * values -- confirm in obj_policy.c); SecretCounter and SecretTimeStamp
	 * carry the remaining-use count / timer state consulted by
	 * obj_policy_dec_counter, obj_policy_get_secs_until_expired and
	 * obj_policy_has_expired. */
	BYTE SecretLifetime;
	TSS_BOOL SecretSet;		/* TRUE once a secret has been stored; see obj_policy_is_secret_set */
	UINT32 SecretMode;		/* how the secret is supplied (TSS_SECRET_MODE_* -- confirm) */
	UINT32 SecretCounter;
	UINT32 SecretTimeStamp;
	UINT32 SecretSize;		/* number of valid bytes in Secret */
	/* Authorization secret in the clear, 20 bytes (TCPA_SECRET / SHA-1
	 * digest size, as handed out by obj_policy_get_secret).  It remains in
	 * process memory for as long as the lifetime policy allows.
	 * NOTE(review): confirm that obj_policy_flush_secret and
	 * __tspi_policy_free zeroize this buffer rather than only resetting
	 * SecretSet/SecretSize, so the secret does not linger in freed memory. */
	BYTE Secret[20];
	UINT32 type;			/* policy type; see obj_policy_get_type/set_type (TSS_POLICY_* -- confirm) */
	BYTE *popupString;		/* caller-supplied text for the secret popup; see obj_policy_set_string */
	UINT32 popupStringLength;	/* length of popupString */
	UINT32 hashMode;		/* see obj_policy_get_hash_mode/set_hash_mode */

	/* Algorithm identifiers configured per callback (see obj_policy_set_cb11
	 * / obj_policy_set_cb12). */
	TSS_ALGORITHM_ID hmacAlg;
	TSS_ALGORITHM_ID xorAlg;
	TSS_ALGORITHM_ID takeownerAlg;
	TSS_ALGORITHM_ID changeauthAlg;
#ifdef TSS_BUILD_SEALX
	TSS_ALGORITHM_ID sealxAlg;
#endif

	/* Opaque application pointers handed back to the matching callback as
	 * its lpAppData argument.  The TSP does not interpret them. */
	PVOID hmacAppData;
	PVOID xorAppData;
	PVOID takeownerAppData;
	PVOID changeauthAppData;
#ifdef TSS_BUILD_SEALX
	PVOID sealxAppData;
#endif

#ifdef TSS_BUILD_DELEGATION
	/* The per1 and per2 are only used when creating a delegation.
	 * After that, the blob or index is used to retrieve the information */
	UINT32 delegationPer1;
	UINT32 delegationPer2;
	UINT32 delegationType;
	TSS_BOOL delegationIndexSet;	/* Since 0 is a valid index value */
	UINT32 delegationIndex;
	UINT32 delegationBlobLength;	/* length of delegationBlob */
	BYTE *delegationBlob;
#endif

	/* Application-supplied replacement for the HMAC authorization
	 * computation.  Invoked through obj_policy_do_hmac, whose argument list
	 * mirrors this one minus lpAppData.  ReturnOrVerify selects whether the
	 * callback produces rgbHmacData or checks it. */
	TSS_RESULT (*Tspicb_CallbackHMACAuth)(
			PVOID lpAppData,
			TSS_HOBJECT hAuthorizedObject,
			TSS_BOOL ReturnOrVerify,
			UINT32 ulPendingFunction,
			TSS_BOOL ContinueUse,
			UINT32 ulSizeNonces,
			BYTE *rgbNonceEven,
			BYTE *rgbNonceOdd,
			BYTE *rgbNonceEvenOSAP,
			BYTE *rgbNonceOddOSAP,
			UINT32 ulSizeDigestHmac,
			BYTE *rgbParamDigest,
			BYTE *rgbHmacData);

	/* Application-supplied XOR encryption of the usage / migration auth
	 * values.  Invoked through obj_policy_do_xor. */
	TSS_RESULT (*Tspicb_CallbackXorEnc)(
			PVOID lpAppData,
			TSS_HOBJECT hOSAPObject,
			TSS_HOBJECT hObject,
			TSS_FLAG PurposeSecret,
			UINT32 ulSizeNonces,
			BYTE *rgbNonceEven,
			BYTE *rgbNonceOdd,
			BYTE *rgbNonceEvenOSAP,
			BYTE *rgbNonceOddOSAP,
			UINT32 ulSizeEncAuth,
			BYTE *rgbEncAuthUsage,
			BYTE *rgbEncAuthMigration);

	/* Application-supplied encryption of the owner auth for TakeOwnership.
	 * Invoked through obj_policy_do_takeowner. */
	TSS_RESULT (*Tspicb_CallbackTakeOwnership)(
			PVOID lpAppData,
			TSS_HOBJECT hObject,
			TSS_HKEY hObjectPubKey,
			UINT32 ulSizeEncAuth,
			BYTE *rgbEncAuth);

	/* Application-supplied encryption for ChangeAuthAsym.  No obj_policy_*
	 * wrapper for it is declared in this header. */
	TSS_RESULT (*Tspicb_CallbackChangeAuthAsym)(
			PVOID lpAppData,
			TSS_HOBJECT hObject,
			TSS_HKEY hObjectPubKey,
			UINT32 ulSizeEncAuth,
			UINT32 ulSizeAithLink,	/* length of rgbAuthLink (spelling is original) */
			BYTE *rgbEncAuth,
			BYTE *rgbAuthLink);

#ifdef TSS_BUILD_SEALX
	/* Application-supplied masking for sealx data (only built with
	 * TSS_BUILD_SEALX). */
	TSS_RESULT (*Tspicb_CallbackSealxMask)(
			PVOID lpAppData,
			TSS_HKEY hKey,
			TSS_HENCDATA hEncData,
			TSS_ALGORITHM_ID algID,
			UINT32 ulSizeNonces,
			BYTE *rgbNonceEven,
			BYTE *rgbNonceOdd,
			BYTE *rgbNonceEvenOSAP,
			BYTE *rgbNonceOddOSAP,
			UINT32 ulDataLength,
			BYTE *rgbDataToMask,
			BYTE *rgbMaskedData);
#endif
};
/* obj_policy.c */
/* Destructor for a policy object's private data; used by POLICY_LIST_CLOSE
 * below.  (The double-underscore prefix is a reserved identifier in ISO C;
 * kept as-is because it is part of the existing interface.) */
void __tspi_policy_free(void *data);
/* TRUE if any policy in the context uses a popup secret. */
TSS_BOOL anyPopupPolicies(TSS_HCONTEXT);
/* TRUE if the handle refers to a policy object. */
TSS_BOOL obj_is_policy(TSS_HOBJECT);
/* Look up the context that owns a policy handle. */
TSS_RESULT obj_policy_get_tsp_context(TSS_HPOLICY, TSS_HCONTEXT *);

/* One of these two flags is passed to obj_policy_get_secret so that, if a popup
 * has to be run to obtain the secret, the code knows whether the new dialog
 * (which asks for confirmation) should be displayed. */
#define TR_SECRET_CTX_NEW TRUE
#define TR_SECRET_CTX_NOT_NEW FALSE

/* Secret access.  obj_policy_get_secret copies the cached secret into the
 * caller's TCPA_SECRET (running the popup/callback path if the policy needs
 * it); the TSS_BOOL is one of TR_SECRET_CTX_NEW / TR_SECRET_CTX_NOT_NEW.
 * obj_policy_flush_secret discards the cached secret. */
TSS_RESULT obj_policy_get_secret(TSS_HPOLICY, TSS_BOOL, TCPA_SECRET *);
TSS_RESULT obj_policy_flush_secret(TSS_HPOLICY);
TSS_RESULT obj_policy_set_secret_object(TSS_HPOLICY, TSS_FLAG, UINT32,
					TCPA_DIGEST *, TSS_BOOL);
TSS_RESULT obj_policy_set_secret(TSS_HPOLICY, TSS_FLAG, UINT32, BYTE *);

/* Object lifecycle and attributes. */
TSS_RESULT obj_policy_get_type(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_remove(TSS_HOBJECT, TSS_HCONTEXT);
TSS_RESULT obj_policy_add(TSS_HCONTEXT, UINT32, TSS_HOBJECT *);
TSS_RESULT obj_policy_set_type(TSS_HPOLICY, UINT32);
/* Callback registration: cb12 is the 1.2-style (TSS_CALLBACK blob) form,
 * cb11 the 1.1-style (function address + algorithm) form -- confirm in
 * obj_policy.c. */
TSS_RESULT obj_policy_set_cb12(TSS_HPOLICY, TSS_FLAG, BYTE *);
TSS_RESULT obj_policy_get_cb12(TSS_HPOLICY, TSS_FLAG, UINT32 *, BYTE **);
TSS_RESULT obj_policy_set_cb11(TSS_HPOLICY, TSS_FLAG, TSS_FLAG, UINT32);
TSS_RESULT obj_policy_get_cb11(TSS_HPOLICY, TSS_FLAG, UINT32 *);
/* Secret lifetime / counter / timer management (see the SecretLifetime,
 * SecretCounter and SecretTimeStamp members of struct tr_policy_obj). */
TSS_RESULT obj_policy_get_lifetime(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_set_lifetime(TSS_HPOLICY, UINT32, UINT32);
TSS_RESULT obj_policy_get_counter(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_get_string(TSS_HPOLICY, UINT32 *size, BYTE **);
TSS_RESULT obj_policy_set_string(TSS_HPOLICY, UINT32 size, BYTE *);
TSS_RESULT obj_policy_get_secs_until_expired(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_has_expired(TSS_HPOLICY, TSS_BOOL *);
TSS_RESULT obj_policy_get_mode(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_dec_counter(TSS_HPOLICY);

/* Authorization computations.  Each of these takes the same arguments as the
 * corresponding Tspicb_* callback in struct tr_policy_obj (minus lpAppData)
 * and dispatches to the application callback when one is registered. */
TSS_RESULT obj_policy_do_hmac(TSS_HPOLICY, TSS_HOBJECT, TSS_BOOL, UINT32,
			      TSS_BOOL, UINT32, BYTE *, BYTE *, BYTE *, BYTE *,
			      UINT32, BYTE *, BYTE *);
TSS_RESULT obj_policy_do_xor(TSS_HPOLICY, TSS_HOBJECT, TSS_HOBJECT, TSS_FLAG,
			     UINT32, BYTE *, BYTE *, BYTE *, BYTE *, UINT32, BYTE *, BYTE *);
TSS_RESULT obj_policy_do_takeowner(TSS_HPOLICY, TSS_HOBJECT, TSS_HKEY, UINT32, BYTE *);
/* Verify the TPM's response HMAC for an OIAP session against the given
 * parameter digest.  Callers must treat a failure here as an authentication
 * failure, not a transport error. */
TSS_RESULT obj_policy_validate_auth_oiap(TSS_HPOLICY, TCPA_DIGEST *, TPM_AUTH *);
TSS_RESULT obj_policy_get_hash_mode(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_set_hash_mode(TSS_HPOLICY, UINT32);
/* Gather the entity type / secret / callback parameters for an OSAP- or
 * DSAP-style session for the given command ordinal -- see obj_policy.c for
 * the meaning of each out-parameter. */
TSS_RESULT obj_policy_get_xsap_params(TSS_HPOLICY, TPM_COMMAND_CODE, TPM_ENTITY_TYPE *, UINT32 *,
				      BYTE **, BYTE *, TSS_CALLBACK *, TSS_CALLBACK *,
				      TSS_CALLBACK *, UINT32 *, TSS_BOOL);
TSS_RESULT obj_policy_is_secret_set(TSS_HPOLICY, TSS_BOOL *);

#ifdef TSS_BUILD_DELEGATION
/* Delegation attributes (only built with TSS_BUILD_DELEGATION); these map
 * onto the delegation* members of struct tr_policy_obj. */
TSS_RESULT obj_policy_set_delegation_type(TSS_HPOLICY, UINT32);
TSS_RESULT obj_policy_get_delegation_type(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_set_delegation_index(TSS_HPOLICY, UINT32);
TSS_RESULT obj_policy_get_delegation_index(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_set_delegation_per1(TSS_HPOLICY, UINT32);
TSS_RESULT obj_policy_get_delegation_per1(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_set_delegation_per2(TSS_HPOLICY, UINT32);
TSS_RESULT obj_policy_get_delegation_per2(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_set_delegation_blob(TSS_HPOLICY, UINT32, UINT32, BYTE *);
TSS_RESULT obj_policy_get_delegation_blob(TSS_HPOLICY, UINT32, UINT32 *, BYTE **);
TSS_RESULT obj_policy_get_delegation_label(TSS_HPOLICY, BYTE *);
TSS_RESULT obj_policy_get_delegation_familyid(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_get_delegation_vercount(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_get_delegation_pcr_locality(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_get_delegation_pcr_digest(TSS_HPOLICY, UINT32 *, BYTE **);
TSS_RESULT obj_policy_get_delegation_pcr_selection(TSS_HPOLICY, UINT32 *, BYTE **);
TSS_RESULT obj_policy_is_delegation_index_set(TSS_HPOLICY, TSS_BOOL *);
/* Reset the delegation members of a policy object in place. */
void obj_policy_clear_delegation(struct tr_policy_obj *);
TSS_RESULT obj_policy_get_delegate_public(struct tsp_object *, TPM_DELEGATE_PUBLIC *);
#endif

/* Module-level policy object list.  POLICY_LIST_CLOSE frees each entry's
 * private data through __tspi_policy_free. */
#define POLICY_LIST_DECLARE		struct obj_list policy_list
#define POLICY_LIST_DECLARE_EXTERN	extern struct obj_list policy_list
#define POLICY_LIST_INIT()		list_init(&policy_list)
#define POLICY_LIST_CONNECT(a,b)	obj_connectContext_list(&policy_list, a, b)
#define POLICY_LIST_CLOSE(a)		obj_list_close(&policy_list, &__tspi_policy_free, a)
#endif