1 files changed, 174 insertions, 0 deletions
diff --git a/include/tpm.h b/include/tpm.h
index 7219b7319..5e9f83225 100644
--- a/include/tpm.h
+++ b/include/tpm.h
@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2013 The Chromium OS Authors.
+ * Coypright (c) 2013 Guntermann & Drunck GmbH
  *
  * See file CREDITS for list of people who contributed to this
  * project.
@@ -54,6 +55,120 @@ enum tpm_nv_index {
 };
 
 /**
+ * TPM return codes as defined in the TCG Main specification
+ * (TPM Main Part 2 Structures; Specification version 1.2)
+ */
+enum tpm_return_code {
+	TPM_BASE	= 0x00000000,
+	TPM_NON_FATAL	= 0x00000800,
+	TPM_SUCCESS	= TPM_BASE,
+	/* TPM-defined fatal error codes */
+	TPM_AUTHFAIL			= TPM_BASE +  1,
+	TPM_BADINDEX			= TPM_BASE +  2,
+	TPM_BAD_PARAMETER		= TPM_BASE +  3,
+	TPM_AUDITFAILURE		= TPM_BASE +  4,
+	TPM_CLEAR_DISABLED		= TPM_BASE +  5,
+	TPM_DEACTIVATED			= TPM_BASE +  6,
+	TPM_DISABLED			= TPM_BASE +  7,
+	TPM_DISABLED_CMD		= TPM_BASE +  8,
+	TPM_FAIL			= TPM_BASE +  9,
+	TPM_BAD_ORDINAL			= TPM_BASE + 10,
+	TPM_INSTALL_DISABLED		= TPM_BASE + 11,
+	TPM_INVALID_KEYHANDLE		= TPM_BASE + 12,
+	TPM_KEYNOTFOUND			= TPM_BASE + 13,
+	TPM_INAPPROPRIATE_ENC		= TPM_BASE + 14,
+	TPM_MIGRATE_FAIL		= TPM_BASE + 15,
+	TPM_INVALID_PCR_INFO		= TPM_BASE + 16,
+	TPM_NOSPACE			= TPM_BASE + 17,
+	TPM_NOSRK			= TPM_BASE + 18,
+	TPM_NOTSEALED_BLOB		= TPM_BASE + 19,
+	TPM_OWNER_SET			= TPM_BASE + 20,
+	TPM_RESOURCES			= TPM_BASE + 21,
+	TPM_SHORTRANDOM			= TPM_BASE + 22,
+	TPM_SIZE			= TPM_BASE + 23,
+	TPM_WRONGPCRVAL			= TPM_BASE + 24,
+	TPM_BAD_PARAM_SIZE		= TPM_BASE + 25,
+	TPM_SHA_THREAD			= TPM_BASE + 26,
+	TPM_SHA_ERROR			= TPM_BASE + 27,
+	TPM_FAILEDSELFTEST		= TPM_BASE + 28,
+	TPM_AUTH2FAIL			= TPM_BASE + 29,
+	TPM_BADTAG			= TPM_BASE + 30,
+	TPM_IOERROR			= TPM_BASE + 31,
+	TPM_ENCRYPT_ERROR		= TPM_BASE + 32,
+	TPM_DECRYPT_ERROR		= TPM_BASE + 33,
+	TPM_INVALID_AUTHHANDLE		= TPM_BASE + 34,
+	TPM_NO_ENDORSEMENT		= TPM_BASE + 35,
+	TPM_INVALID_KEYUSAGE		= TPM_BASE + 36,
+	TPM_WRONG_ENTITYTYPE		= TPM_BASE + 37,
+	TPM_INVALID_POSTINIT		= TPM_BASE + 38,
+	TPM_INAPPROPRIATE_SIG		= TPM_BASE + 39,
+	TPM_BAD_KEY_PROPERTY		= TPM_BASE + 40,
+	TPM_BAD_MIGRATION		= TPM_BASE + 41,
+	TPM_BAD_SCHEME			= TPM_BASE + 42,
+	TPM_BAD_DATASIZE		= TPM_BASE + 43,
+	TPM_BAD_MODE			= TPM_BASE + 44,
+	TPM_BAD_PRESENCE		= TPM_BASE + 45,
+	TPM_BAD_VERSION			= TPM_BASE + 46,
+	TPM_NO_WRAP_TRANSPORT		= TPM_BASE + 47,
+	TPM_AUDITFAIL_UNSUCCESSFUL	= TPM_BASE + 48,
+	TPM_AUDITFAIL_SUCCESSFUL	= TPM_BASE + 49,
+	TPM_NOTRESETABLE		= TPM_BASE + 50,
+	TPM_NOTLOCAL			= TPM_BASE + 51,
+	TPM_BAD_TYPE			= TPM_BASE + 52,
+	TPM_INVALID_RESOURCE		= TPM_BASE + 53,
+	TPM_NOTFIPS			= TPM_BASE + 54,
+	TPM_INVALID_FAMILY		= TPM_BASE + 55,
+	TPM_NO_NV_PERMISSION		= TPM_BASE + 56,
+	TPM_REQUIRES_SIGN		= TPM_BASE + 57,
+	TPM_KEY_NOTSUPPORTED		= TPM_BASE + 58,
+	TPM_AUTH_CONFLICT		= TPM_BASE + 59,
+	TPM_AREA_LOCKED			= TPM_BASE + 60,
+	TPM_BAD_LOCALITY		= TPM_BASE + 61,
+	TPM_READ_ONLY			= TPM_BASE + 62,
+	TPM_PER_NOWRITE			= TPM_BASE + 63,
+	TPM_FAMILY_COUNT		= TPM_BASE + 64,
+	TPM_WRITE_LOCKED		= TPM_BASE + 65,
+	TPM_BAD_ATTRIBUTES		= TPM_BASE + 66,
+	TPM_INVALID_STRUCTURE		= TPM_BASE + 67,
+	TPM_KEY_OWNER_CONTROL		= TPM_BASE + 68,
+	TPM_BAD_COUNTER			= TPM_BASE + 69,
+	TPM_NOT_FULLWRITE		= TPM_BASE + 70,
+	TPM_CONTEXT_GAP			= TPM_BASE + 71,
+	TPM_MAXNVWRITES			= TPM_BASE + 72,
+	TPM_NOOPERATOR			= TPM_BASE + 73,
+	TPM_RESOURCEMISSING		= TPM_BASE + 74,
+	TPM_DELEGATE_LOCK		= TPM_BASE + 75,
+	TPM_DELEGATE_FAMILY		= TPM_BASE + 76,
+	TPM_DELEGATE_ADMIN		= TPM_BASE + 77,
+	TPM_TRANSPORT_NOTEXCLUSIVE	= TPM_BASE + 78,
+	TPM_OWNER_CONTROL		= TPM_BASE + 79,
+	TPM_DAA_RESOURCES		= TPM_BASE + 80,
+	TPM_DAA_INPUT_DATA0		= TPM_BASE + 81,
+	TPM_DAA_INPUT_DATA1		= TPM_BASE + 82,
+	TPM_DAA_ISSUER_SETTINGS		= TPM_BASE + 83,
+	TPM_DAA_TPM_SETTINGS		= TPM_BASE + 84,
+	TPM_DAA_STAGE			= TPM_BASE + 85,
+	TPM_DAA_ISSUER_VALIDITY		= TPM_BASE + 86,
+	TPM_DAA_WRONG_W			= TPM_BASE + 87,
+	TPM_BAD_HANDLE			= TPM_BASE + 88,
+	TPM_BAD_DELEGATE		= TPM_BASE + 89,
+	TPM_BADCONTEXT			= TPM_BASE + 90,
+	TPM_TOOMANYCONTEXTS		= TPM_BASE + 91,
+	TPM_MA_TICKET_SIGNATURE		= TPM_BASE + 92,
+	TPM_MA_DESTINATION		= TPM_BASE + 93,
+	TPM_MA_SOURCE			= TPM_BASE + 94,
+	TPM_MA_AUTHORITY		= TPM_BASE + 95,
+	TPM_PERMANENTEK			= TPM_BASE + 97,
+	TPM_BAD_SIGNATURE		= TPM_BASE + 98,
+	TPM_NOCONTEXTSPACE		= TPM_BASE + 99,
+	/* TPM-defined non-fatal errors */
+	TPM_RETRY		= TPM_BASE + TPM_NON_FATAL,
+	TPM_NEEDS_SELFTEST	= TPM_BASE + TPM_NON_FATAL + 1,
+	TPM_DOING_SELFTEST	= TPM_BASE + TPM_NON_FATAL + 2,
+	TPM_DEFEND_LOCK_RUNNING	= TPM_BASE + TPM_NON_FATAL + 3,
+};
+
+/**
  * Initialize TPM device.  It must be called before any TPM commands.
  *
  * @return 0 on success, non-0 on error.
@@ -201,4 +316,63 @@ uint32_t tpm_physical_set_deactivated(uint8_t state);
 uint32_t tpm_get_capability(uint32_t cap_area, uint32_t sub_cap,
 		void *cap, size_t count);
 
+/**
+ * Issue a TPM_FlushSpecific command for a AUTH ressource.
+ *
+ * @param auth_handle	handle of the auth session
+ * @return return code of the operation
+ */
+uint32_t tpm_terminate_auth_session(uint32_t auth_handle);
+
+/**
+ * Issue a TPM_OIAP command to setup an object independant authorization
+ * session.
+ * Information about the session is stored internally.
+ * If there was already an OIAP session active it is terminated and a new
+ * session is set up.
+ *
+ * @param auth_handle	pointer to the (new) auth handle or NULL.
+ * @return return code of the operation
+ */
+uint32_t tpm_oiap(uint32_t *auth_handle);
+
+/**
+ * Ends an active OIAP session.
+ *
+ * @return return code of the operation
+ */
+uint32_t tpm_end_oiap(void);
+
+/**
+ * Issue a TPM_LoadKey2 (Auth1) command using an OIAP session for authenticating
+ * the usage of the parent key.
+ *
+ * @param parent_handle	handle of the parent key.
+ * @param key		pointer to the key structure (TPM_KEY or TPM_KEY12).
+ * @param key_length	size of the key structure
+ * @param parent_key_usage_auth	usage auth for the parent key
+ * @param key_handle	pointer to the key handle
+ * @return return code of the operation
+ */
+uint32_t tpm_load_key2_oiap(uint32_t parent_handle,
+		const void *key, size_t key_length,
+		const void *parent_key_usage_auth,
+		uint32_t *key_handle);
+
+/**
+ * Issue a TPM_GetPubKey (Auth1) command using an OIAP session for
+ * authenticating the usage of the key.
+ *
+ * @param key_handle	handle of the key
+ * @param usage_auth	usage auth for the key
+ * @param pubkey	pointer to the pub key buffer; may be NULL if the pubkey
+ *			should not be stored.
+ * @param pubkey_len	pointer to the pub key buffer len. On entry: the size of
+ *			the provided pubkey buffer. On successful exit: the size
+ *			of the stored TPM_PUBKEY structure (iff pubkey != NULL).
+ * @return return code of the operation
+ */
+uint32_t tpm_get_pub_key_oiap(uint32_t key_handle, const void *usage_auth,
+		void *pubkey, size_t *pubkey_len);
+
 #endif /* __TPM_H */