TAP server
The TAP server (TAPS) runs as a service. On startup, the TAP server parses its configuration file and generates a list of security modules supported on that host by calling the registration functions for each SMP to register their capabilities and provide a list of modules available on the system. It also reads SSL configuration information needed to establish new connections. It then listens on the specified port for incoming connection requests from a local or remote TAP client.
When the TAP server receives a connection request from a TAP client, the TAP server spawns a thread to create the SSL connection and waits for additional commands sent over that SSL connection. When a new command is received, the request is handled by the TAPS_dispatcher. The TAPS_dispatcher reads the command header (TAP_CmdHdr) to identify the destination of the request. If it is a command that is handled locally (at the server level), the dispatcher processes the request and returns the response to the requesting TAP client. If the command destination is a specific security module, the TAPS_dispatcher performs any necessary data translations and passes the request on to the corresponding module dispatcher (e.g. TAPS_TPM2_dispatcher for TPM 2.0 command requests). When the response is received from the module-specific dispatcher, the TAP server does any necessary data translations, adds a response header and returns the response to the TAP client.
Each connection thread has a context for the security module with which it communicates (e.g., TPM 2.0 module). When a connection thread receives a request, it parses the request and verifies that it is for the module it interfaces with. It then parses the command parameters, executes the command, serializes the response structure, and returns it to the client.
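The following skeletal dispatcher illustrates the routing described above (header parse, local versus module destination, module table filled at registration, response header added on the way back). It is an added example, not code from the TAP server; the page does not define the layout of TAP_CmdHdr, so the 4-byte header, the destination and return codes, and the two handler functions standing in for the server-level and TAPS_TPM2_dispatcher paths are all assumptions made here.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Assumed header layout and codes; the real TAP_CmdHdr is not defined on this page. */
enum { TAP_DEST_SERVER = 0, TAP_DEST_TPM2 = 1, TAP_DEST_MAX = 2 };
enum { TAP_RC_OK = 0, TAP_RC_BAD_LEN = 1, TAP_RC_BAD_DEST = 2, TAP_RC_NO_MODULE = 3 };

typedef struct { uint8_t dest, cmd; uint16_t length; } TAP_CmdHdr; /* 4 bytes on the wire, length big-endian */

typedef int (*module_dispatch_fn)(uint8_t cmd, const uint8_t *in, size_t n, uint8_t *out, size_t cap, size_t *olen);

/* Hypothetical module dispatcher standing in for TAPS_TPM2_dispatcher: echoes the payload back. */
static int tpm2_dispatch(uint8_t cmd, const uint8_t *in, size_t n, uint8_t *out, size_t cap, size_t *olen) {
    (void)cmd; if (n > cap) return TAP_RC_BAD_LEN; memcpy(out, in, n); *olen = n; return TAP_RC_OK;
}
/* Hypothetical server-level command: report the number of registered modules (constructed value 1). */
static int server_dispatch(uint8_t cmd, const uint8_t *in, size_t n, uint8_t *out, size_t cap, size_t *olen) {
    (void)cmd; (void)in; (void)n; if (cap < 1) return TAP_RC_BAD_LEN; out[0] = 1; *olen = 1; return TAP_RC_OK;
}

/* Registration table, filled at startup from the SMP registration functions; dest doubles as the index. */
static module_dispatch_fn g_modules[TAP_DEST_MAX] = { server_dispatch, tpm2_dispatch };

/* Parse the header; reject a request whose declared payload exceeds the bytes actually received. */
static int hdr_parse(const uint8_t *buf, size_t n, TAP_CmdHdr *h) {
    if (n < 4) return -1;
    h->dest = buf[0]; h->cmd = buf[1];
    h->length = (uint16_t)((buf[2] << 8) | buf[3]);
    return ((size_t)h->length + 4 <= n) ? 0 : -1;
}

/* Route one request; writes a 3-byte response header [rc][len_hi][len_lo] plus body, returns total size. */
size_t taps_dispatch(const uint8_t *req, size_t n, uint8_t *out, size_t cap) {
    TAP_CmdHdr h; size_t blen = 0; int rc;
    if (cap < 3) return 0;                      /* not even room for the response header */
    if (hdr_parse(req, n, &h) != 0)        rc = TAP_RC_BAD_LEN;
    else if (h.dest >= TAP_DEST_MAX)       rc = TAP_RC_BAD_DEST;
    else if (g_modules[h.dest] == NULL)    rc = TAP_RC_NO_MODULE;
    else rc = g_modules[h.dest](h.cmd, req + 4, h.length, out + 3, cap - 3, &blen);
    if (rc != TAP_RC_OK) blen = 0;              /* error responses carry no body */
    out[0] = (uint8_t)rc; out[1] = (uint8_t)(blen >> 8); out[2] = (uint8_t)blen;
    return 3 + blen;
}
```

The length check in hdr_parse is the one a dispatcher must never skip: a client can declare any payload length it likes, and the module handler must only ever see bytes that were really read from the connection.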