1 
2 /*
3  * Licensed Materials - Property of IBM
4  *
5  * trousers - An open source TCG Software Stack
6  *
7  * (C) Copyright International Business Machines Corp. 2004-2007
8  *
9  */
10 
11 #ifndef _OBJ_POLICY_H_
12 #define _OBJ_POLICY_H_
13 
14 /* structures */
/*
 * Private state of one TSS policy object (the object behind a TSS_HPOLICY).
 *
 * A policy object holds the authorization secret that is used when building
 * TPM authorization sessions for the objects the policy is assigned to, the
 * popup-dialog configuration used when that secret has to be asked for
 * interactively, and the application-supplied callbacks (with their opaque
 * app-data pointers) that obj_policy.c invokes for the HMAC / XOR /
 * take-ownership / change-auth steps.
 *
 * NOTE(review): member order is the object's in-memory layout; do not reorder
 * or conditionally add members without checking every user in obj_policy.c.
 */
struct tr_policy_obj {
          /* Lifetime mode of the secret (value encoding is not visible here;
           * see obj_policy_get_lifetime / obj_policy_set_lifetime). */
          BYTE SecretLifetime;
          /* Whether Secret currently holds a value (presumed from the name;
           * reported by obj_policy_is_secret_set -- confirm in obj_policy.c). */
          TSS_BOOL SecretSet;
          /* Secret mode flag, read back via obj_policy_get_mode. */
          UINT32 SecretMode;
          /* Remaining-use counter; presumably decremented by
           * obj_policy_dec_counter and read by obj_policy_get_counter. */
          UINT32 SecretCounter;
          /* Presumably the time at which the secret was set; the basis for
           * obj_policy_has_expired / obj_policy_get_secs_until_expired -- confirm. */
          UINT32 SecretTimeStamp;
          /* Number of valid bytes in Secret.  Must never exceed sizeof Secret
           * (20); every setter that copies into Secret has to enforce that bound. */
          UINT32 SecretSize;
          /* Authorization secret material, fixed 20 bytes (presumably sized to
           * TCPA_SECRET, the out-parameter type of obj_policy_get_secret).
           * NOTE(review): this is sensitive data -- it should be cleared with a
           * non-elidable zeroization when flushed or freed; check
           * obj_policy_flush_secret and __tspi_policy_free. */
          BYTE Secret[20];
          /* Policy type, get/set via obj_policy_get_type / obj_policy_set_type. */
          UINT32 type;
          /* Popup dialog string and its length in bytes, managed through
           * obj_policy_set_string / obj_policy_get_string.
           * NOTE(review): buffer ownership is not visible in this header;
           * presumably released by __tspi_policy_free -- confirm. */
          BYTE *popupString;
          UINT32 popupStringLength;
          /* Hash mode, get/set via obj_policy_get_hash_mode / obj_policy_set_hash_mode. */
          UINT32 hashMode;
          /* Algorithm IDs recorded for the corresponding Tspicb_* callbacks below
           * (paired by name; the exact use is in obj_policy.c). */
          TSS_ALGORITHM_ID hmacAlg;
          TSS_ALGORITHM_ID xorAlg;
          TSS_ALGORITHM_ID takeownerAlg;
          TSS_ALGORITHM_ID changeauthAlg;
#ifdef TSS_BUILD_SEALX
          TSS_ALGORITHM_ID sealxAlg;
#endif
          /* Opaque application pointers, presumably handed to the matching
           * Tspicb_* callback as its lpAppData argument (paired by name; confirm). */
          PVOID hmacAppData;
          PVOID xorAppData;
          PVOID takeownerAppData;
          PVOID changeauthAppData;
#ifdef TSS_BUILD_SEALX
          PVOID sealxAppData;
#endif
#ifdef TSS_BUILD_DELEGATION
          /* delegationPer1 and delegationPer2 are only used while a delegation is
             being created.  Afterwards the blob or the index is used to retrieve
             the delegation information. */
          UINT32 delegationPer1;
          UINT32 delegationPer2;

          /* Delegation type, get/set via obj_policy_set_delegation_type / get_delegation_type. */
          UINT32 delegationType;
          TSS_BOOL delegationIndexSet;  /* Needed because 0 is a valid index value */
          UINT32 delegationIndex;
          /* Delegation blob and its length in bytes.
           * NOTE(review): ownership is not visible here; obj_policy_clear_delegation
           * takes this struct directly and presumably releases the blob -- confirm. */
          UINT32 delegationBlobLength;
          BYTE *delegationBlob;
#endif
          /*
           * Application callback for HMAC authorization.  Receives the opaque
           * lpAppData, the authorized object, the pending-function code, the
           * even/odd nonces and their OSAP counterparts (ulSizeNonces bytes each),
           * a parameter digest and the HMAC buffer (ulSizeDigestHmac bytes).
           * Whether the callback produces or verifies the HMAC is presumably
           * selected by ReturnOrVerify -- confirm against the TSS specification.
           */
          TSS_RESULT (*Tspicb_CallbackHMACAuth)(
                              PVOID lpAppData,
                              TSS_HOBJECT hAuthorizedObject,
                              TSS_BOOL ReturnOrVerify,
                              UINT32 ulPendingFunction,
                              TSS_BOOL ContinueUse,
                              UINT32 ulSizeNonces,
                              BYTE *rgbNonceEven,
                              BYTE *rgbNonceOdd,
                              BYTE *rgbNonceEvenOSAP,
                              BYTE *rgbNonceOddOSAP,
                              UINT32 ulSizeDigestHmac,
                              BYTE *rgbParamDigest,
                              BYTE *rgbHmacData);
          /*
           * Application callback for XOR encryption of authorization data.
           * Receives the OSAP object, the target object, a purpose flag, the four
           * nonces (ulSizeNonces bytes each) and two ulSizeEncAuth-byte buffers
           * for the usage and migration encrypted-auth values.
           */
          TSS_RESULT (*Tspicb_CallbackXorEnc)(
                              PVOID lpAppData,
                              TSS_HOBJECT hOSAPObject,
                              TSS_HOBJECT hObject,
                              TSS_FLAG PurposeSecret,
                              UINT32 ulSizeNonces,
                              BYTE *rgbNonceEven,
                              BYTE *rgbNonceOdd,
                              BYTE *rgbNonceEvenOSAP,
                              BYTE *rgbNonceOddOSAP,
                              UINT32 ulSizeEncAuth,
                              BYTE *rgbEncAuthUsage,
                              BYTE *rgbEncAuthMigration);
          /*
           * Application callback used during take-ownership.  Receives the
           * target object, its public key handle and a ulSizeEncAuth-byte
           * encrypted-auth buffer.
           */
          TSS_RESULT (*Tspicb_CallbackTakeOwnership)(
                              PVOID lpAppData,
                              TSS_HOBJECT hObject,
                              TSS_HKEY hObjectPubKey,
                              UINT32 ulSizeEncAuth,
                              BYTE *rgbEncAuth);
          /*
           * Application callback used for asymmetric change-auth.  Receives the
           * target object, its public key handle, an encrypted-auth buffer and an
           * auth-link buffer with their sizes.
           * NOTE: "ulSizeAithLink" is presumably a typo for "ulSizeAuthLink"; it is
           * only a parameter name in a declaration, so it has no ABI effect.
           */
          TSS_RESULT (*Tspicb_CallbackChangeAuthAsym)(
                              PVOID lpAppData,
                              TSS_HOBJECT hObject,
                              TSS_HKEY hObjectPubKey,
                              UINT32 ulSizeEncAuth,
                              UINT32 ulSizeAithLink,
                              BYTE *rgbEncAuth,
                              BYTE *rgbAuthLink);
#ifdef TSS_BUILD_SEALX
          /*
           * Application callback for sealx masking.  Receives the key and
           * encrypted-data handles, the algorithm ID, the four nonces
           * (ulSizeNonces bytes each), and ulDataLength-byte input and output
           * buffers for the data to mask and the masked result.
           */
          TSS_RESULT (*Tspicb_CallbackSealxMask)(
                              PVOID lpAppData,
                              TSS_HKEY hKey,
                              TSS_HENCDATA hEncData,
                              TSS_ALGORITHM_ID algID,
                              UINT32 ulSizeNonces,
                              BYTE *rgbNonceEven,
                              BYTE *rgbNonceOdd,
                              BYTE *rgbNonceEvenOSAP,
                              BYTE *rgbNonceOddOSAP,
                              UINT32 ulDataLength,
                              BYTE *rgbDataToMask,
                              BYTE *rgbMaskedData);
#endif
};
110 
111 /* obj_policy.c */
/*
 * Destructor for a policy object's private data.  It is the callback that
 * POLICY_LIST_CLOSE (below) hands to obj_list_close(), so it runs for every
 * policy on the list when a context is closed.
 * NOTE(review): identifiers beginning with a double underscore are reserved
 * for the implementation in ISO C; renaming would touch every caller, so this
 * is only noted here.  Because the object holds secret material, this
 * destructor is also where zeroization before release belongs -- confirm.
 */
void       __tspi_policy_free(void *data);
/* Whether any policy belonging to the context uses a popup secret mode
 * (presumed from the name; confirm in obj_policy.c). */
TSS_BOOL   anyPopupPolicies(TSS_HCONTEXT);
/* Whether the handle refers to a policy object. */
TSS_BOOL   obj_is_policy(TSS_HOBJECT);
/* Returns, through the out-parameter, the TSP context that owns the policy. */
TSS_RESULT obj_policy_get_tsp_context(TSS_HPOLICY, TSS_HCONTEXT *);
/* Exactly one of these two flags is passed as the TSS_BOOL argument of
 * obj_policy_get_secret.  If a popup has to be executed to obtain the secret,
 * the flag tells the popup code whether this is a new context and therefore
 * whether the additional confirmation dialog should be displayed. */
#define TR_SECRET_CTX_NEW     TRUE
#define TR_SECRET_CTX_NOT_NEW FALSE
/* Retrieves the policy's secret into the caller's TCPA_SECRET.
 * NOTE(review): the out-buffer then holds secret material; callers should
 * clear it once the authorization session has been built. */
TSS_RESULT obj_policy_get_secret(TSS_HPOLICY, TSS_BOOL, TCPA_SECRET *);
/* Discards the stored secret.
 * NOTE(review): should clear Secret with a non-elidable zeroization -- confirm. */
TSS_RESULT obj_policy_flush_secret(TSS_HPOLICY);
/* Stores a secret supplied as a TCPA_DIGEST (arguments: policy, mode flag,
 * size, digest, bool -- exact meaning of the scalar arguments is in obj_policy.c). */
TSS_RESULT obj_policy_set_secret_object(TSS_HPOLICY, TSS_FLAG, UINT32,
                                                  TCPA_DIGEST *, TSS_BOOL);
/* Stores a secret from a raw byte buffer (arguments: policy, mode flag,
 * length, bytes).  NOTE(review): the length is caller-controlled and must be
 * checked against sizeof Secret (20) before copying -- confirm in obj_policy.c. */
TSS_RESULT obj_policy_set_secret(TSS_HPOLICY, TSS_FLAG, UINT32, BYTE *);
/* Getter / setter for the policy type. */
TSS_RESULT obj_policy_get_type(TSS_HPOLICY, UINT32 *);
/* Removes the policy object from the given context. */
TSS_RESULT obj_policy_remove(TSS_HOBJECT, TSS_HCONTEXT);
/* Creates a policy object (arguments: context, type) and returns its handle. */
TSS_RESULT obj_policy_add(TSS_HCONTEXT, UINT32, TSS_HOBJECT *);
TSS_RESULT obj_policy_set_type(TSS_HPOLICY, UINT32);
/* Callback-related accessors.  "cb12" variants take/return a byte buffer plus
 * length, "cb11" variants a pair of flags and a UINT32; which callback each
 * TSS_FLAG selects is decided in obj_policy.c. */
TSS_RESULT obj_policy_set_cb12(TSS_HPOLICY, TSS_FLAG, BYTE *);
TSS_RESULT obj_policy_get_cb12(TSS_HPOLICY, TSS_FLAG, UINT32 *, BYTE **);
TSS_RESULT obj_policy_set_cb11(TSS_HPOLICY, TSS_FLAG, TSS_FLAG, UINT32);
TSS_RESULT obj_policy_get_cb11(TSS_HPOLICY, TSS_FLAG, UINT32 *);
/* Secret lifetime accessors (set_lifetime takes two UINT32 arguments whose
 * meaning -- presumably lifetime mode and its value -- is in obj_policy.c). */
TSS_RESULT obj_policy_get_lifetime(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_set_lifetime(TSS_HPOLICY, UINT32, UINT32);
TSS_RESULT obj_policy_get_counter(TSS_HPOLICY, UINT32 *);
/* Popup string accessors; size is in bytes.  NOTE(review): set_string takes a
 * caller-supplied size and pointer -- the size must be validated before any
 * allocation or copy -- confirm in obj_policy.c. */
TSS_RESULT obj_policy_get_string(TSS_HPOLICY, UINT32 *size, BYTE **);
TSS_RESULT obj_policy_set_string(TSS_HPOLICY, UINT32 size, BYTE *);
/* Expiry queries derived from the secret's lifetime settings. */
TSS_RESULT obj_policy_get_secs_until_expired(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_has_expired(TSS_HPOLICY, TSS_BOOL *);
TSS_RESULT obj_policy_get_mode(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_dec_counter(TSS_HPOLICY);
/* Drivers for the Tspicb_* callbacks in struct tr_policy_obj; their argument
 * lists mirror the corresponding callback signatures minus lpAppData. */
TSS_RESULT obj_policy_do_hmac(TSS_HPOLICY, TSS_HOBJECT, TSS_BOOL, UINT32,
                                    TSS_BOOL, UINT32, BYTE *, BYTE *, BYTE *, BYTE *,
                                    UINT32, BYTE *, BYTE *);
TSS_RESULT obj_policy_do_xor(TSS_HPOLICY, TSS_HOBJECT, TSS_HOBJECT, TSS_FLAG,
                    UINT32, BYTE *, BYTE *, BYTE *, BYTE *, UINT32, BYTE *, BYTE *);
TSS_RESULT obj_policy_do_takeowner(TSS_HPOLICY, TSS_HOBJECT, TSS_HKEY, UINT32, BYTE *);
/* Validates a TPM_AUTH response for an OIAP session against the given digest
 * (presumed from the name).  NOTE(review): the HMAC comparison inside should
 * be constant-time -- confirm in obj_policy.c. */
TSS_RESULT obj_policy_validate_auth_oiap(TSS_HPOLICY, TCPA_DIGEST *, TPM_AUTH *);
TSS_RESULT obj_policy_get_hash_mode(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_set_hash_mode(TSS_HPOLICY, UINT32);
/* Collects the parameters needed to open an XSAP session for the given
 * command code: entity type and value, secret buffer, and the three callbacks.
 * The out-parameters are filled by obj_policy.c; see it for the exact contract. */
TSS_RESULT obj_policy_get_xsap_params(TSS_HPOLICY, TPM_COMMAND_CODE, TPM_ENTITY_TYPE *, UINT32 *,
                                              BYTE **, BYTE *, TSS_CALLBACK *, TSS_CALLBACK *,
                                              TSS_CALLBACK *, UINT32 *, TSS_BOOL);
TSS_RESULT obj_policy_is_secret_set(TSS_HPOLICY, TSS_BOOL *);
#ifdef TSS_BUILD_DELEGATION
/* Delegation accessors, only built with TSS_BUILD_DELEGATION.  They map onto
 * the delegation* members of struct tr_policy_obj. */
TSS_RESULT obj_policy_set_delegation_type(TSS_HPOLICY, UINT32);
TSS_RESULT obj_policy_get_delegation_type(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_set_delegation_index(TSS_HPOLICY, UINT32);
TSS_RESULT obj_policy_get_delegation_index(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_set_delegation_per1(TSS_HPOLICY, UINT32);
TSS_RESULT obj_policy_get_delegation_per1(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_set_delegation_per2(TSS_HPOLICY, UINT32);
TSS_RESULT obj_policy_get_delegation_per2(TSS_HPOLICY, UINT32 *);
/* Blob accessors take two scalar arguments; one is presumably the blob length.
 * NOTE(review): the delegation blob comes from outside the TSP -- its length
 * and contents must be validated before being parsed. */
TSS_RESULT obj_policy_set_delegation_blob(TSS_HPOLICY, UINT32, UINT32, BYTE *);
TSS_RESULT obj_policy_get_delegation_blob(TSS_HPOLICY, UINT32, UINT32 *, BYTE **);
/* Read individual fields out of the stored delegation (label, family ID,
 * verification count, PCR locality / digest / selection). */
TSS_RESULT obj_policy_get_delegation_label(TSS_HPOLICY, BYTE *);
TSS_RESULT obj_policy_get_delegation_familyid(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_get_delegation_vercount(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_get_delegation_pcr_locality(TSS_HPOLICY, UINT32 *);
TSS_RESULT obj_policy_get_delegation_pcr_digest(TSS_HPOLICY, UINT32 *, BYTE **);
TSS_RESULT obj_policy_get_delegation_pcr_selection(TSS_HPOLICY, UINT32 *, BYTE **);
TSS_RESULT obj_policy_is_delegation_index_set(TSS_HPOLICY, TSS_BOOL *);

/* Internal helpers that operate on the raw object rather than a handle. */
void obj_policy_clear_delegation(struct tr_policy_obj *);
TSS_RESULT obj_policy_get_delegate_public(struct tsp_object *, TPM_DELEGATE_PUBLIC *);
#endif

/* Helpers for the file-scope object list that holds every policy object.
 * POLICY_LIST_DECLARE defines the list in one translation unit;
 * POLICY_LIST_DECLARE_EXTERN references it from others.
 * POLICY_LIST_CLOSE passes __tspi_policy_free as the per-object destructor. */
#define POLICY_LIST_DECLARE             struct obj_list policy_list
#define POLICY_LIST_DECLARE_EXTERN      extern struct obj_list policy_list
#define POLICY_LIST_INIT()              tspi_list_init(&policy_list)
#define POLICY_LIST_CONNECT(a,b)        obj_connectContext_list(&policy_list, a, b)
#define POLICY_LIST_CLOSE(a)            obj_list_close(&policy_list, &__tspi_policy_free, a)
184 
185 #endif
186