1 /*
2 * Copyright (C) 2011 Sansar Choinyambuu
3 * Copyright (C) 2012-2014 Andreas Steffen
4 * HSR Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 /**
18 * @defgroup pts pts
19 * @{ @ingroup libimcv
20 */
21
22 #ifndef PTS_H_
23 #define PTS_H_
24
25 typedef struct pts_t pts_t;
26
27 #include "pts_error.h"
28 #include "pts_proto_caps.h"
29 #include "pts_meas_algo.h"
30 #include "pts_file_meas.h"
31 #include "pts_file_meta.h"
32 #include "pts_dh_group.h"
33 #include "pts_pcr.h"
34 #include "pts_req_func_comp_evid.h"
35 #include "pts_simple_evid_final.h"
36 #include "components/pts_comp_func_name.h"
37
38 #include <library.h>
39 #include <collections/linked_list.h>
40
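/**
 * UTF-8 code points of the characters used to delimit path components in
 * a filename: forward slash '/' (0x2F) and backslash '\' (0x5C)
 */
#define SOLIDUS_UTF 0x2F
#define REVERSE_SOLIDUS_UTF 0x5C

/**
 * PCR indices used for measurements of various functional components
 * (TPM 1.2 PC client layout; the static root of trust measures into PCRs 0-7)
 *
 * Note that PCR_PLATFORM_EXT and PCR_MOTHERBOARD both alias PCR 1, and
 * PCR_TGRUB_MBR_STAGE1 aliases PCR_IPL (PCR 4); the names only document
 * which component the measurement is attributed to.
 */
#define PCR_BIOS 0
#define PCR_PLATFORM_EXT 1
#define PCR_MOTHERBOARD 1
#define PCR_OPTION_ROMS 2
#define PCR_IPL 4

/* PCRs extended by tboot (dynamic root of trust for measurement) */
#define PCR_TBOOT_POLICY 17
#define PCR_TBOOT_MLE 18

/* PCRs extended by trustedGRUB */
#define PCR_TGRUB_MBR_STAGE1 4
#define PCR_TGRUB_STAGE2_PART1 8
#define PCR_TGRUB_STAGE2_PART2 9
#define PCR_TGRUB_CMD_LINE_ARGS 12
#define PCR_TGRUB_CHECKFILE 13
#define PCR_TGRUB_LOADED_FILES 14

/*
 * NOTE(review): PCR 16 is the debug PCR on TPM 1.2 PC clients and is
 * typically resettable from software; values extended into it must not be
 * relied upon as attestation evidence - confirm intended use in callers.
 */
#define PCR_DEBUG 16

/**
 * Length in bytes of the generated nonce used for calculation of the
 * shared assessment secret. 20 bytes matches the TPM 1.2 TPM_NONCE size,
 * i.e. the externalData field of a TPM Quote (see pts_t.calculate_secret).
 */
#define ASSESSMENT_SECRET_LEN 20

/**
 * Length in bytes of the TPM_QUOTE_INFO structure, TPM Spec 1.2:
 * 4-byte TPM_STRUCT_VER + 4-byte fixed "QUOT" + 20-byte composite hash
 * + 20-byte externalData nonce = 48 bytes
 */
#define TPM_QUOTE_INFO_LEN 48

/**
 * Hashing algorithm used by tboot and trustedGRUB when extending PCRs.
 * SHA-1 is dictated by the 20-byte PCR width of TPM 1.2, not chosen here;
 * its collision weakness is therefore a platform limitation to keep in mind.
 */
#define TRUSTED_HASH_ALGO PTS_MEAS_ALGO_SHA1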
82
/**
 * Class implementing the TCG Platform Trust Service (PTS)
 *
 * One object is used on either side of the attestation exchange; the
 * is_imc flag passed to pts_create() selects the role (see pts_create).
 * The DH/nonce members derive the assessment secret that is used as the
 * TPM Quote externalData (anti-replay nonce) - see calculate_secret.
 */
struct pts_t {

	/**
	 * Get PTS Protocol Capabilities
	 *
	 * @return				Protocol capabilities flags
	 */
	pts_proto_caps_flag_t (*get_proto_caps)(pts_t *this);

	/**
	 * Set PTS Protocol Capabilities
	 *
	 * @param flags			Protocol capabilities flags
	 */
	void (*set_proto_caps)(pts_t *this, pts_proto_caps_flag_t flags);

	/**
	 * Get PTS Measurement Algorithm
	 *
	 * @return				PTS measurement algorithm
	 */
	pts_meas_algorithms_t (*get_meas_algorithm)(pts_t *this);

	/**
	 * Set PTS Measurement Algorithm
	 *
	 * @param algorithm		PTS measurement algorithm
	 */
	void (*set_meas_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);

	/**
	 * Get DH Hash Algorithm (hash used when deriving the assessment secret)
	 *
	 * @return				DH hash algorithm
	 */
	pts_meas_algorithms_t (*get_dh_hash_algorithm)(pts_t *this);

	/**
	 * Set DH Hash Algorithm
	 *
	 * @param algorithm		DH hash algorithm
	 */
	void (*set_dh_hash_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);

	/**
	 * Create PTS Diffie-Hellman object and generate own nonce
	 *
	 * @param group			PTS DH group
	 * @param nonce_len		Nonce length in bytes
	 * @return				TRUE if creation was successful
	 */
	bool (*create_dh_nonce)(pts_t *this, pts_dh_group_t group, int nonce_len);

	/**
	 * Get my Diffie-Hellman public value and nonce
	 *
	 * @param value			Output: my public DH value
	 * @param nonce			Output: my DH nonce
	 * @return				TRUE if public value retrieved successfully
	 */
	bool (*get_my_public_value)(pts_t *this, chunk_t *value, chunk_t *nonce);

	/**
	 * Set peer Diffie-Hellman public value and nonce
	 *
	 * Both values arrive from the remote party over PA-TNC and are untrusted
	 * input; NOTE(review): validation of the public value against the
	 * negotiated group is presumably done by the DH implementation - confirm.
	 *
	 * @param value			Peer public DH value
	 * @param nonce			Peer DH nonce
	 * @return				TRUE if public value set successfully
	 */
	bool (*set_peer_public_value) (pts_t *this, chunk_t value, chunk_t nonce);

	/**
	 * Calculates the assessment secret to be used for TPM Quote as
	 * externalData (anti-replay nonce binding the quote to this exchange)
	 *
	 * @return				TRUE if the secret was derived; the original
	 *						comment read "TRUE unless both DH public values
	 *						and nonces are set", which appears inverted -
	 *						NOTE(review): confirm against the implementation
	 */
	bool (*calculate_secret) (pts_t *this);

	/**
	 * Get primary key of platform entry in database
	 *
	 * @return				Primary key of platform entry in database
	 */
	int (*get_platform_id)(pts_t *this);

	/**
	 * Set primary key of platform entry in database
	 *
	 * @param pid			Primary key of platform entry in database
	 */
	void (*set_platform_id)(pts_t *this, int pid);

	/**
	 * Get TPM 1.2 Version Info
	 *
	 * @param info			Output: chunk containing a TPM_CAP_VERSION_INFO struct
	 * @return				TRUE if TPM Version Info available
	 */
	bool (*get_tpm_version_info)(pts_t *this, chunk_t *info);

	/**
	 * Set TPM 1.2 Version Info
	 *
	 * @param info			chunk containing a TPM_CAP_VERSION_INFO struct
	 */
	void (*set_tpm_version_info)(pts_t *this, chunk_t info);

	/**
	 * Get Attestation Identity Certificate or Public Key
	 *
	 * @return				AIK Certificate or Public Key
	 */
	certificate_t* (*get_aik)(pts_t *this);

	/**
	 * Set Attestation Identity Certificate or Public Key
	 *
	 * @param aik			AIK Certificate or Public Key
	 * @param aik_id		Primary key referencing AIK in database
	 */
	void (*set_aik)(pts_t *this, certificate_t *aik, int aik_id);

	/**
	 * Get primary key referencing AIK in database
	 *
	 * @return				Primary key referencing AIK in database
	 */
	int (*get_aik_id)(pts_t *this);

	/**
	 * Check whether path is a valid file/directory on the local filesystem
	 *
	 * A non-existent or invalid path is NOT reported via the return value
	 * but via error_code; the return value only signals a local failure.
	 *
	 * @param path			Absolute path
	 * @param error_code	Output variable for PTS error code
	 * @return				TRUE if path is valid, or if file/directory
	 *						doesn't exist or path is invalid (error_code set)
	 *						FALSE if local error occurred within stat function
	 */
	bool (*is_path_valid)(pts_t *this, char *path, pts_error_code_t *error_code);

	/**
	 * Obtain file metadata
	 *
	 * @param pathname		Absolute pathname of file/directory
	 * @param is_dir		TRUE if directory contents are requested
	 * @return				PTS File Metadata or NULL if FAILED
	 */
	pts_file_meta_t* (*get_metadata)(pts_t *this, char *pathname, bool is_dir);

	/**
	 * Reads given PCR value and returns it
	 *
	 * Expects owner secret to be WELL_KNOWN_SECRET (the TSS well-known,
	 * all-zero authorization) - a TPM provisioned with a real owner
	 * password will fail here.
	 *
	 * @param pcr_num		Number of PCR to read
	 * @param pcr_value		Output: chunk to save pcr read output
	 * @return				FALSE in case of TSS error, TRUE otherwise
	 */
	bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value);

	/**
	 * Extends given PCR with given value
	 *
	 * Expects owner secret to be WELL_KNOWN_SECRET (see read_pcr).
	 *
	 * @param pcr_num		Number of PCR to extend
	 * @param input			Value to extend
	 * @param output		Output: chunk to save PCR value after extension
	 * @return				FALSE in case of TSS error, TRUE otherwise
	 */
	bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input,
					   chunk_t *output);

	/**
	 * Quote over PCR's
	 *
	 * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password
	 * set for AIK. NOTE(review): with no AIK usage secret any local process
	 * that can reach the TSS can produce quotes with this key - confirm this
	 * matches the deployment's threat model.
	 *
	 * @param use_quote2	Version of the Quote function to be used
	 *						(TPM_Quote2 if TRUE, TPM_Quote otherwise)
	 * @param pcr_comp		Output: chunk to save PCR composite structure
	 * @param quote_sig		Output: chunk to save the quote signature; the
	 *						externalData (assessment secret, anti-replay
	 *						protection) is not part of this output
	 * @return				FALSE in case of TSS error, TRUE otherwise
	 */
	bool (*quote_tpm)(pts_t *this, bool use_quote2, chunk_t *pcr_comp,
					  chunk_t *quote_sig);

	/**
	 * Get the shadow PCR set
	 *
	 * @return				shadow PCR set
	 */
	pts_pcr_t* (*get_pcrs)(pts_t *this);

	/**
	 * Constructs and returns TPM Quote Info structure expected from IMC
	 *
	 * @param use_quote2		Version of the TPM_QUOTE_INFO to be constructed
	 *							(TPM_QUOTE_INFO2 if TRUE)
	 * @param ver_info_included	Version info is concatenated to TPM_QUOTE_INFO2
	 * @param comp_hash_algo	Composite Hash Algorithm
	 * @param pcr_comp			Output variable to store PCR Composite
	 * @param quote_info		Output variable to store TPM Quote Info
	 * @return					FALSE in case of any error, TRUE otherwise
	 */
	bool (*get_quote_info)(pts_t *this, bool use_quote2, bool ver_info_included,
						   pts_meas_algorithms_t comp_hash_algo,
						   chunk_t *pcr_comp, chunk_t *quote_info);

	/**
	 * Verifies the TPM Quote Signature received from the IMC over the
	 * calculated quote digest (presumably using the AIK set via set_aik)
	 *
	 * @param data			Calculated TPM Quote Digest
	 * @param signature		TPM Quote Signature received from IMC
	 * @return				FALSE if signature is not verified
	 */
	bool (*verify_quote_signature)(pts_t *this, chunk_t data, chunk_t signature);

	/**
	 * Destroys a pts_t object.
	 */
	void (*destroy)(pts_t *this);

};
309
/**
 * Creates a pts_t object
 *
 * @param is_imc		TRUE if running on an IMC (the attested side),
 *						FALSE otherwise (presumably the IMV side)
 * @return				pts_t object, to be released with destroy()
 */
pts_t* pts_create(bool is_imc);

#endif /** PTS_H_ @}*/
316
317 #endif /** PTS_H_ @}*/