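/* SPDX-License-Identifier: BSD-2-Clause */
/*
 * tss2_policy.h - public interface of the TSS2 policy library.
 *
 * A policy is parsed from JSON (Tss2_PolicyInit), its digest is computed
 * (Tss2_PolicyCalculate) and/or it is executed against a TPM session
 * (Tss2_PolicyExecute). Anything the library cannot do on its own
 * (looking up names/public areas, reading PCRs, authorizing objects,
 * signing, choosing a branch) is delegated to caller-supplied callbacks.
 */
#ifndef INCLUDE_TSS2_TSS2_POLICY_H_
#define INCLUDE_TSS2_TSS2_POLICY_H_

/*
 * NOTE(review): the target of this #include was lost in extraction; the
 * header uses size_t, so <stddef.h> is the inferred original — confirm
 * against upstream.
 */
#include <stddef.h>

#include "tss2_esys.h"
#include "tss2_tpm2_types.h"

/* Return-code layer reserved for this library; all TSS2_POLICY_RC_* values
 * carry it so callers can attribute a failure to the policy layer. */
#define TSS2_POLICY_RC_LAYER TSS2_RC_LAYER(13)

#define TSS2_POLICY_RC_GENERAL_FAILURE ((TSS2_RC)(TSS2_POLICY_RC_LAYER | \
    TSS2_BASE_RC_GENERAL_FAILURE))
#define TSS2_POLICY_RC_IO_ERROR ((TSS2_RC)(TSS2_POLICY_RC_LAYER | \
    TSS2_BASE_RC_IO_ERROR))
#define TSS2_POLICY_RC_AUTHORIZATION_UNKNOWN ((TSS2_RC)(TSS2_POLICY_RC_LAYER | \
    TSS2_BASE_RC_AUTHORIZATION_UNKNOWN))
#define TSS2_POLICY_RC_BAD_VALUE ((TSS2_RC)(TSS2_POLICY_RC_LAYER | \
    TSS2_BASE_RC_BAD_VALUE))
#define TSS2_POLICY_RC_MEMORY ((TSS2_RC)(TSS2_POLICY_RC_LAYER | \
    TSS2_BASE_RC_MEMORY))
#define TSS2_POLICY_RC_BAD_REFERENCE ((TSS2_RC)(TSS2_POLICY_RC_LAYER | \
    TSS2_BASE_RC_BAD_REFERENCE))
#define TSS2_POLICY_RC_BAD_TEMPLATE ((TSS2_RC)(TSS2_POLICY_RC_LAYER | \
    TSS2_BASE_RC_BAD_TEMPLATE))
/* Policy digest was requested before Tss2_PolicyCalculate produced it
 * (maps onto the generic NOT_PROVISIONED base code). */
#define TSS2_POLICY_RC_POLICY_NOT_CALCULATED ((TSS2_RC)(TSS2_POLICY_RC_LAYER | \
    TSS2_BASE_RC_NOT_PROVISIONED))
/* Caller-provided output buffer cannot hold the result
 * (maps onto the generic BAD_SIZE base code). */
#define TSS2_POLICY_RC_BUFFER_TOO_SMALL ((TSS2_RC)(TSS2_POLICY_RC_LAYER | \
    TSS2_BASE_RC_BAD_SIZE))
/* A callback the policy needs was left NULL in the callback table. */
#define TSS2_POLICY_RC_NULL_CALLBACK ((TSS2_RC)(TSS2_POLICY_RC_LAYER | \
    TSS2_BASE_RC_CALLBACK_NULL))

/** Opaque policy context; created by Tss2_PolicyInit, released by
 *  Tss2_PolicyFinalize. Its layout is private to the library. */
typedef struct TSS2_POLICY_CTX TSS2_POLICY_CTX;

typedef struct TSS2_OBJECT TSS2_OBJECT;
/** Minimal object descriptor handed to callbacks. */
struct TSS2_OBJECT {
    ESYS_TR handle; /**< Handle used by ESAPI */
};

/** Policy type TPMS_PCRVALUE: one expected PCR value. */
typedef struct TPMS_PCRVALUE TPMS_PCRVALUE;
struct TPMS_PCRVALUE {
    UINT32 pcr;          /**< PCR index */
    TPM2_ALG_ID hashAlg; /**< Hash algorithm the PCR bank uses */
    TPMU_HA digest;      /**< Expected PCR value (union selected by hashAlg) */
};

/** Policy type TPML_PCRVALUES: list of expected PCR values. */
typedef struct TPML_PCRVALUES TPML_PCRVALUES;
struct TPML_PCRVALUES {
    UINT32 count;          /**< Number of valid entries in pcrs */
    /* Flexible array member: allocate with
     * sizeof *p + count * sizeof p->pcrs[0], never sizeof *p alone. */
    TPMS_PCRVALUE pcrs[];  /**< Array of pcr values */
};

/*
 * Calculation-phase callbacks. Each receives the userdata pointer stored
 * next to it in TSS2_POLICY_CALC_CALLBACKS (e.g. an ESAPI_CONTEXT) and
 * returns a TSS2_RC; a non-zero return aborts the operation.
 */

/** Resolve the public area of the object identified by @p path.
 *  NOTE(review): the parameter name `public` is a C++ keyword, so this
 *  header is not consumable from C++ as written. */
typedef TSS2_RC (*TSS2_POLICY_CB_PUBLIC) (
    const char *path,
    TPMT_PUBLIC *public,
    void *userdata); /* e.g. for ESAPI_CONTEXT */

/** Resolve the TPM name of the object identified by @p path. */
typedef TSS2_RC (*TSS2_POLICY_CB_NAME) (
    const char *path,
    TPM2B_NAME *name,
    void *userdata); /* e.g. for ESAPI_CONTEXT */

/** Which member of TSS2_POLICY_PCR_SELECTIONS is valid. */
typedef enum TSS2_POLICY_PCR_SELECTOR TSS2_POLICY_PCR_SELECTOR;
enum TSS2_POLICY_PCR_SELECTOR {
    TSS2_POLICY_PCR_SELECTOR_PCR_SELECT = 0, /**< selections.pcr_select is valid */
    TSS2_POLICY_PCR_SELECTOR_PCR_SELECTION   /**< selections.pcr_selection is valid */
};

/** Either a bank-less PCR bitmap or a full per-bank PCR selection. */
typedef union TSS2_POLICY_PCR_SELECTIONS TSS2_POLICY_PCR_SELECTIONS;
union TSS2_POLICY_PCR_SELECTIONS {
    TPMS_PCR_SELECT pcr_select;
    TPML_PCR_SELECTION pcr_selection;
};

/** Tagged PCR selection: @c type says which union member to read. */
typedef struct TSS2_POLICY_PCR_SELECTION TSS2_POLICY_PCR_SELECTION;
struct TSS2_POLICY_PCR_SELECTION {
    enum TSS2_POLICY_PCR_SELECTOR type;
    TSS2_POLICY_PCR_SELECTIONS selections;
};

/** Read the PCRs named by @p selection; fills the selection actually read
 *  and the corresponding digests. */
typedef TSS2_RC (*TSS2_POLICY_CB_PCR) (
    TSS2_POLICY_PCR_SELECTION *selection,
    TPML_PCR_SELECTION *out_selection,
    TPML_DIGEST *out_digest,
    void *userdata); /* e.g. for ESAPI_CONTEXT */

/** Resolve the NV public area for @p path / @p nv_index. */
typedef TSS2_RC (*TSS2_POLICY_CB_NVPUBLIC) (
    const char *path,
    TPMI_RH_NV_INDEX nv_index,
    TPMS_NV_PUBLIC *nv_public,
    void *userdata); /* e.g. for ESAPI_CONTEXT */

/** Callback table for Tss2_PolicyCalculate. Entries a policy does not
 *  need may be left NULL; a needed NULL entry is presumably reported as
 *  TSS2_POLICY_RC_NULL_CALLBACK. */
typedef struct TSS2_POLICY_CALC_CALLBACKS TSS2_POLICY_CALC_CALLBACKS;
struct TSS2_POLICY_CALC_CALLBACKS {
    TSS2_POLICY_CB_PCR cbpcr;           /**< Callback to compute current PCR value */
    void *cbpcr_userdata;
    TSS2_POLICY_CB_NAME cbname;         /**< Callback to compute name of an object from path */
    void *cbname_userdata;
    TSS2_POLICY_CB_PUBLIC cbpublic;     /**< Callback to compute public info of a key */
    void *cbpublic_userdata;
    TSS2_POLICY_CB_NVPUBLIC cbnvpublic; /**< Callback to compute the NV public from path */
    void *cbnvpublic_userdata;
};

/*
 * Execution-phase callbacks. Same conventions as above: userdata comes
 * from the matching *_userdata field in TSS2_POLICY_EXEC_CALLBACKS.
 */

/** Authorize the object named @p name: returns its handle, the handle
 *  to authorize with and an authorized session. */
typedef TSS2_RC (*TSS2_POLICY_CB_EXEC_AUTH) (
    TPM2B_NAME *name,
    ESYS_TR *object_handle,
    ESYS_TR *auth_handle,
    ESYS_TR *authSession,
    void *userdata);

/** Load the object named @p name and return its ESYS handle. */
typedef TSS2_RC (*TSS2_POLICY_CB_EXEC_LOAD) (
    TPM2B_NAME *name,
    ESYS_TR *object_handle,
    void *userdata);

/** Choose one of @p branch_count branches (PolicyOR). The chosen index is
 *  written to @p branch_idx and is expected to be < branch_count. */
typedef TSS2_RC (*TSS2_POLICY_CB_EXEC_POLSEL) (
    TSS2_OBJECT *auth_object,
    const char **branch_names,
    size_t branch_count,
    size_t *branch_idx,
    void *userdata);

/** Sign @p buffer (@p buffer_size bytes) with the key described by
 *  @p key_pem / @p public_key_hint, hashing with @p key_pem_hash_alg.
 *  NOTE(review): ownership of the buffer returned through @p signature
 *  (who frees it, and when) is not stated here — confirm against the
 *  implementation before writing a callback. */
typedef TSS2_RC (*TSS2_POLICY_CB_EXEC_SIGN) (
    char *key_pem,
    char *public_key_hint,
    TPMI_ALG_HASH key_pem_hash_alg,
    uint8_t *buffer,
    size_t buffer_size,
    const uint8_t **signature,
    size_t *signature_size,
    void *userdata);

/** PolicyAuthorize: produce the @p signature over @p digest / @p policyRef
 *  for the authorizing key @p key_public. */
typedef TSS2_RC (*TSS2_POLICY_CB_EXEC_POLAUTH) (
    TPMT_PUBLIC *key_public,
    TPMI_ALG_HASH hash_alg,
    TPM2B_DIGEST *digest,
    TPM2B_NONCE *policyRef,
    TPMT_SIGNATURE *signature,
    void *userdata);

/** PolicyAuthorizeNV: hook for the NV index described by @p nv_public. */
typedef TSS2_RC (*TSS2_POLICY_CB_EXEC_POLAUTHNV) (
    TPMS_NV_PUBLIC *nv_public,
    TPMI_ALG_HASH hash_alg,
    void *userdata);

/** PolicyDuplicationSelect: hook receiving the name of the new parent. */
typedef TSS2_RC (*TSS2_POLICY_CB_EXEC_POLDUP) (
    TPM2B_NAME *name,
    void *userdata);

/** Policy "action" element: the application-defined action string. */
typedef TSS2_RC (*TSS2_POLICY_CB_EXEC_POLACTION) (
    const char *action,
    void *userdata);

/** Callback table for Tss2_PolicyExecute. */
typedef struct TSS2_POLICY_EXEC_CALLBACKS TSS2_POLICY_EXEC_CALLBACKS;
struct TSS2_POLICY_EXEC_CALLBACKS {
    TSS2_POLICY_CB_EXEC_AUTH cbauth;          /**< Callback to authorize an object retrieved by name in keystore */
    void *cbauth_userdata;
    TSS2_POLICY_CB_EXEC_LOAD cbload;          /**< Callback to load a key retrieved by name in keystore */
    void *cbload_userdata;
    TSS2_POLICY_CB_EXEC_POLSEL cbpolsel;      /**< Callback for selection of policy branch */
    void *cbpolsel_userdata;
    TSS2_POLICY_CB_EXEC_SIGN cbsign;          /**< Callback for policy sign */
    void *cbsign_userdata;
    TSS2_POLICY_CB_EXEC_POLAUTH cbauthpol;    /**< Callback for policy authorize */
    void *cbauthpol_userdata;
    TSS2_POLICY_CB_EXEC_POLAUTHNV cbauthnv;   /**< Callback for policy authorize nv */
    void *cbauthnv_userdata;
    TSS2_POLICY_CB_EXEC_POLDUP cbdup;         /**< Callback for policy duplication select */
    void *cbdup_userdata;
    TSS2_POLICY_CB_EXEC_POLACTION cbaction;   /**< Callback for policy action */
    void *cbaction_userdata;
};

/**
 * Parse a JSON policy and create a policy context.
 *
 * @param json_policy  JSON policy text. Treat it as untrusted input: it
 *                     decides which callbacks run and what they are asked
 *                     to authorize or sign.
 * @param hash_alg     Hash algorithm used for the policy digest.
 * @param policy_ctx   Receives the new context; release with
 *                     Tss2_PolicyFinalize.
 * @return TSS2_RC_SUCCESS or a TSS2_POLICY_RC_* code.
 */
TSS2_RC Tss2_PolicyInit(
    const char *json_policy,
    TPM2_ALG_ID hash_alg,
    TSS2_POLICY_CTX **policy_ctx);

/**
 * Release a policy context created by Tss2_PolicyInit.
 *
 * @param policy  Pointer to the context pointer; presumably cleared on
 *                return (double-pointer parameter) — confirm.
 */
void Tss2_PolicyFinalize(
    TSS2_POLICY_CTX **policy);

/**
 * Install the callbacks used by Tss2_PolicyCalculate.
 *
 * @param policy_ctx      Context to configure.
 * @param calc_callbacks  Callback table; the pointer is presumably stored
 *                        rather than copied, so it must outlive the
 *                        context — confirm against the implementation.
 */
TSS2_RC Tss2_PolicySetCalcCallbacks(
    TSS2_POLICY_CTX *policy_ctx,
    TSS2_POLICY_CALC_CALLBACKS *calc_callbacks);

/**
 * Install the callbacks used by Tss2_PolicyExecute.
 *
 * @param policy_ctx      Context to configure.
 * @param exec_callbacks  Callback table; same lifetime caveat as for
 *                        Tss2_PolicySetCalcCallbacks.
 */
TSS2_RC Tss2_PolicySetExecCallbacks(
    TSS2_POLICY_CTX *policy_ctx,
    TSS2_POLICY_EXEC_CALLBACKS *exec_callbacks);

/**
 * Execute the policy against @p session, issuing the TPM policy commands
 * through @p esys_ctx and invoking the exec callbacks as needed.
 *
 * @param policy_ctx  Initialized context with exec callbacks set.
 * @param esys_ctx    ESAPI context used for TPM commands.
 * @param session     Policy session to satisfy.
 * @return TSS2_RC_SUCCESS or a TSS2_POLICY_RC_* / lower-layer code.
 */
TSS2_RC Tss2_PolicyExecute(
    TSS2_POLICY_CTX *policy_ctx,
    ESYS_CONTEXT *esys_ctx,
    ESYS_TR session);

/**
 * Compute the policy digest without touching a session, using the calc
 * callbacks to resolve names, public areas and PCR values.
 *
 * @param policy_ctx  Initialized context with calc callbacks set.
 * @return TSS2_RC_SUCCESS or a TSS2_POLICY_RC_* code.
 */
TSS2_RC Tss2_PolicyCalculate(
    TSS2_POLICY_CTX *policy_ctx);

/**
 * Retrieve the calculated policy as JSON.
 *
 * @param policy_ctx  Context on which Tss2_PolicyCalculate has run.
 * @param buffer      Output buffer for the JSON text.
 * @param size        In/out size. NOTE(review): given the
 *                    TSS2_POLICY_RC_BUFFER_TOO_SMALL code, presumably the
 *                    capacity on entry and the required length on return;
 *                    callers should check the return code before relying
 *                    on buffer contents — confirm.
 */
TSS2_RC Tss2_PolicyGetCalculatedJSON(
    TSS2_POLICY_CTX *policy_ctx,
    char *buffer,
    size_t *size);

/**
 * Retrieve the policy's human-readable description.
 *
 * @param policy_ctx   Initialized context.
 * @param description  Output buffer.
 * @param size         In/out size; same contract as
 *                     Tss2_PolicyGetCalculatedJSON.
 */
TSS2_RC Tss2_PolicyGetDescription(
    TSS2_POLICY_CTX *policy_ctx,
    char *description,
    size_t *size);

/**
 * Retrieve the calculated policy digest.
 *
 * @param policy_ctx  Context on which Tss2_PolicyCalculate has run;
 *                    otherwise TSS2_POLICY_RC_POLICY_NOT_CALCULATED is
 *                    the applicable error code.
 * @param digest      Receives the digest (algorithm from Tss2_PolicyInit).
 */
TSS2_RC Tss2_PolicyGetCalculatedDigest(
    TSS2_POLICY_CTX *policy_ctx,
    TPM2B_DIGEST *digest);

#endif /* INCLUDE_TSS2_TSS2_POLICY_H_ */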