095fe071813c9b8406ce68a3c447517f10e7c382
[strongswan.git] / src / libpts / pts / pts.h
1 /*
2 * Copyright (C) 2011 Sansar Choinyambuu
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup pts pts
18 * @{ @ingroup pts
19 */
20
21 #ifndef PTS_H_
22 #define PTS_H_
23
24 typedef struct pts_t pts_t;
25
26 #include "pts_error.h"
27 #include "pts_proto_caps.h"
28 #include "pts_meas_algo.h"
29 #include "pts_file_meas.h"
30 #include "pts_file_meta.h"
31 #include "pts_dh_group.h"
32 #include "pts_req_func_comp_evid.h"
33 #include "pts_simple_evid_final.h"
34 #include "components/pts_comp_func_name.h"
35 #include "components/tcg/tcg_comp_func_name.h"
36 #include "components/ita/ita_comp_func_name.h"
37 #include "components/ita/ita_comp_tboot.h"
38 #include "components/ita/ita_comp_tgrub.h"
39
40 #include <library.h>
41 #include <utils/linked_list.h>
42
43 /**
44 * UTF-8 encoding of the characters used to delimit the components of a
   * filename: SOLIDUS is the forward slash (0x2F), REVERSE SOLIDUS is the
   * backslash (0x5C)
45 */
46 #define SOLIDUS_UTF 0x2F
47 #define REVERSE_SOLIDUS_UTF 0x5C
48
49 /**
50 * PCR indices used for measurements of various functional components
   *
   * Some names share an index: PCR_PLATFORM_EXT and PCR_MOTHERBOARD are both 1,
   * PCR_IPL and PCR_TGRUB_MBR_STAGE1 are both 4. A value read from such a
   * register cannot be attributed to one of the two names by index alone.
51 */
52 #define PCR_BIOS 0
53 #define PCR_PLATFORM_EXT 1
54 #define PCR_MOTHERBOARD 1
55 #define PCR_OPTION_ROMS 2
56 #define PCR_IPL 4
57
58 #define PCR_TBOOT_POLICY 17
59 #define PCR_TBOOT_MLE 18
60
61 #define PCR_TGRUB_MBR_STAGE1 4
62 #define PCR_TGRUB_STAGE2_PART1 8
63 #define PCR_TGRUB_STAGE2_PART2 9
64 #define PCR_TGRUB_CMD_LINE_ARGS 12
65 #define PCR_TGRUB_CHECKFILE 13
66 #define PCR_TGRUB_LOADED_FILES 14
67
68 #define PCR_DEBUG 16
69
70 /**
71 * Number of sequences for functional components
   *
   * NOTE(review): the counts equal the number of PCR_TBOOT_* (2) and
   * PCR_TGRUB_* (6) indices defined above; presumably one measurement
   * sequence per register - confirm against the component implementations.
72 */
73 #define TBOOT_SEQUENCE_COUNT 2
74 #define TGRUB_SEQUENCE_COUNT 6
75
76 /**
77 * Length of the generated nonce used for calculation of shared secret
   *
   * NOTE(review): presumably in bytes. The macro name suggests the length of
   * the derived assessment secret rather than of a nonce - confirm which of
   * the two it bounds. 20 equals PCR_LEN below, i.e. the size of a SHA-1
   * digest and of the external data field of a TPM 1.2 quote.
78 */
79 #define ASSESSMENT_SECRET_LEN 20
80
81 /**
82 * Maximum number of PCR's of TPM, TPM Spec 1.2
   *
   * Valid PCR indices are therefore 0 .. PCR_MAX_NUM - 1.
   * NOTE(review): the PCR numbers taken by the pts_t methods are u_int32_t;
   * an index that originates from a peer should be checked against this
   * bound before it selects any per-PCR state - confirm in the implementation.
83 */
84 #define PCR_MAX_NUM 24
85
86 /**
87 * Number of bytes that can be saved in a PCR of TPM, TPM Spec 1.2
   *
   * 20 bytes is the size of a SHA-1 digest.
88 */
89 #define PCR_LEN 20
90
91 /**
92 * Length of the TPM_QUOTE_INFO structure, TPM Spec 1.2
   *
   * In TPM 1.2 the structure consists of a 4-byte version, the 4-byte fixed
   * tag "QUOT", a 20-byte composite digest and 20 bytes of external data.
93 */
94 #define TPM_QUOTE_INFO_LEN 48
95
96 /**
97 * Hashing algorithm used by tboot and trustedGRUB
   *
   * SHA-1 is fixed here by what the measuring boot components use, it is not
   * a negotiated choice. SHA-1 is no longer collision resistant.
   * NOTE(review): confirm this constant is applied only to tboot/trustedGRUB
   * evidence and is not reused as a default where the measurement algorithm
   * can be negotiated.
98 */
99 #define TRUSTED_HASH_ALGO PTS_MEAS_ALGO_SHA1
100
101 /**
102 * Class implementing the TCG Platform Trust Service (PTS)
103 *
    * NOTE(review): several members below are declared twice:
    * create_dh_nonce, get_my_public_value, set_peer_public_value,
    * calculate_secret, read_pcr, extend_pcr, quote_tpm, get_quote_info and
    * verify_quote_signature. quote_tpm and get_quote_info appear with two
    * different signatures. C does not allow two members with the same name in
    * one struct, so this looks like an unresolved merge - confirm which set
    * of declarations is current before relying on this header.
104 */
105 struct pts_t {
106
107 /**
108 * Get PTS Protocol Capabilities
109 *
110 * @return Protocol capabilities flags
111 */
112 pts_proto_caps_flag_t (*get_proto_caps)(pts_t *this);
113
114 /**
115 * Set PTS Protocol Capabilities
116 *
117 * @param flags Protocol capabilities flags
118 */
119 void (*set_proto_caps)(pts_t *this, pts_proto_caps_flag_t flags);
120
121 /**
122 * Get PTS Measurement Algorithm
123 *
124 * @return PTS measurement algorithm
125 */
126 pts_meas_algorithms_t (*get_meas_algorithm)(pts_t *this);
127
128 /**
129 * Set PTS Measurement Algorithm
130 *
131 * @param algorithm PTS measurement algorithm
132 */
133 void (*set_meas_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);
134
135 /**
136 * Get DH Hash Algorithm
137 *
138 * @return DH hash algorithm
139 */
140 pts_meas_algorithms_t (*get_dh_hash_algorithm)(pts_t *this);
141
142 /**
143 * Set DH Hash Algorithm
144 *
145 * @param algorithm DH hash algorithm
146 */
147 void (*set_dh_hash_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);
148
149 /**
150 * Create PTS Diffie-Hellman object and nonce
151 *
152 * @param group PTS DH group
153 * @param nonce_len Nonce length (presumably in bytes - TODO confirm)
154 * @return TRUE if creation was successful
155 *
    * NOTE(review): nonce_len is a signed int; confirm that the implementation
    * rejects zero and negative lengths before allocating the nonce.
156 */
157 bool (*create_dh_nonce)(pts_t *this, pts_dh_group_t group, int nonce_len);
158
159 /**
160 * Get my Diffie-Hellman public value
161 *
162 * @param value My public DH value (output)
163 * @param nonce My DH nonce (output)
    *
    * NOTE(review): the header does not say whether the returned chunks are
    * copies owned by the caller or references to internal data - confirm.
164 */
165 void (*get_my_public_value)(pts_t *this, chunk_t *value, chunk_t *nonce);
166
167 /**
168 * Set peer Diffie-Hellman public value
169 *
170 * @param value Peer public DH value
171 * @param nonce Peer DH nonce
    *
    * NOTE(review): both arguments come from the peer and the method returns
    * void, so a malformed value or nonce cannot be reported from here.
    * Confirm where their lengths are validated (presumably the caller or
    * calculate_secret).
172 */
173 void (*set_peer_public_value) (pts_t *this, chunk_t value, chunk_t nonce);
174
175 /**
176 * Calculates assessment secret to be used for TPM Quote as ExternalData
177 *
178 * @return TRUE unless both DH public values
179 * and nonces are set
    *
    * NOTE(review): the wording of the return value looks inverted; presumably
    * TRUE means both public values and both nonces were set and the secret
    * was computed - confirm against the implementation. Callers should not
    * request a quote when this returns FALSE.
180 */
181 bool (*calculate_secret) (pts_t *this);
182
183 /**
184 * Set PTS Diffie Hellman Object
185 *
186 * @param dh D-H object
    *
    * NOTE(review): duplicate declaration of create_dh_nonce (first declared
    * above). The comment describes a setter taking a DH object, which does
    * not match the declared parameters group and nonce_len.
187 */
188 bool (*create_dh_nonce)(pts_t *this, pts_dh_group_t group, int nonce_len);
189
190 /**
191 * Get my Diffie-Hellman public value
192 *
193 * @param value My public DH value
194 * @param nonce My DH nonce
    *
    * NOTE(review): duplicate declaration of get_my_public_value.
195 */
196 void (*get_my_public_value)(pts_t *this, chunk_t *value, chunk_t *nonce);
197
198 /**
199 * Set peer Diffie-Hellman public value
200 *
201 * @param value Peer public DH value
202 * @param nonce Peer DH nonce
    *
    * NOTE(review): duplicate declaration of set_peer_public_value.
203 */
204 void (*set_peer_public_value) (pts_t *this, chunk_t value, chunk_t nonce);
205
206 /**
207 * Calculates secret assessment value to be used for TPM Quote as ExternalData
208 *
209 * @return TRUE unless both DH public values
210 * and nonces are set
    *
    * NOTE(review): duplicate declaration of calculate_secret; the same
    * question about the inverted return wording applies.
211 */
212 bool (*calculate_secret) (pts_t *this);
213
214 /**
215 * Get Platform and OS Info
216 *
217 * @return Platform and OS info
    *
    * NOTE(review): ownership of the returned string is not stated - confirm
    * whether the caller may keep or must not free it.
218 */
219 char* (*get_platform_info)(pts_t *this);
220
221 /**
222 * Set Platform and OS Info
223 *
224 * @param info Platform and OS info
225 */
226 void (*set_platform_info)(pts_t *this, char *info);
227
228 /**
229 * Get TPM 1.2 Version Info
230 *
231 * @param info chunk containing a TPM_CAP_VERSION_INFO struct
232 * @return TRUE if TPM Version Info available
233 */
234 bool (*get_tpm_version_info)(pts_t *this, chunk_t *info);
235
236 /**
237 * Set TPM 1.2 Version Info
238 *
239 * @param info chunk containing a TPM_CAP_VERSION_INFO struct
240 */
241 void (*set_tpm_version_info)(pts_t *this, chunk_t info);
242
243 /**
244 * Get Attestation Identity Certificate or Public Key
245 *
246 * @return AIK Certificate or Public Key
247 */
248 certificate_t* (*get_aik)(pts_t *this);
249
250 /**
251 * Set Attestation Identity Certificate or Public Key
252 *
253 * @param aik AIK Certificate or Public Key
    *
    * NOTE(review): nothing in this interface says the AIK is checked against
    * a trust anchor. A quote verified with verify_quote_signature is only as
    * trustworthy as the key set here - confirm where the AIK is validated.
254 */
255 void (*set_aik)(pts_t *this, certificate_t *aik);
256
257 /**
258 * Check whether path is valid file/directory on filesystem
259 *
260 * @param path Absolute path
261 * @param error_code Output variable for PTS error code
262 * @return TRUE if path is valid or file/directory
263 * doesn't exist or path is invalid
264 * FALSE if local error occurred within stat function
    *
    * As documented, TRUE is also returned for a missing or invalid path, so
    * the return value alone does not say the path is usable; callers have to
    * inspect error_code. The check is a snapshot: the file can change between
    * this call and a later hash_file or do_measurements on the same path.
265 */
266 bool (*is_path_valid)(pts_t *this, char *path, pts_error_code_t *error_code);
267
268 /**
269 * Compute a hash over a file
270 *
271 * @param hasher Hasher to be used
272 * @param pathname Absolute path of a file
273 * @param hash Buffer to keep hash output
274 * @return TRUE if path is valid and hashing succeeded
    *
    * NOTE(review): hash is a raw pointer with no length argument; the caller
    * presumably has to provide at least the digest size of hasher - confirm
    * and size the buffer from the hasher, not from a fixed constant.
275 */
276 bool (*hash_file)(pts_t *this, hasher_t *hasher, char *pathname, u_char *hash);
277
278 /**
279 * Do PTS File Measurements
280 *
281 * @param request_id ID of PTS File Measurement Request
282 * @param pathname Absolute pathname of file to be measured
283 * @param is_directory TRUE if directory contents are measured
284 * @return PTS File Measurements or NULL if FAILED
    *
    * NOTE(review): pathname presumably originates from a measurement request
    * sent by the peer - confirm that it is validated (see is_path_valid)
    * before it reaches this method.
285 */
286 pts_file_meas_t* (*do_measurements)(pts_t *this, u_int16_t request_id,
287 char *pathname, bool is_directory);
288
289 /**
290 * Obtain file metadata
291 *
292 * @param pathname Absolute pathname of file/directory
293 * @param is_directory TRUE if directory contents are requested
294 * @return PTS File Metadata or NULL if FAILED
295 */
296 pts_file_meta_t* (*get_metadata)(pts_t *this, char *pathname,
297 bool is_directory);
298
299 /**
300 * Reads given PCR value and returns it
301 * Expects owner secret to be WELL_KNOWN_SECRET
    *
    * A well-known owner secret gives no authorization protection; the method
    * only works on a TPM provisioned that way.
302 *
303 * @param pcr_num Number of PCR to read
304 * @param pcr_value Chunk to save pcr read output
305 * @return NULL in case of TSS error, PCR value otherwise
    *
    * NOTE(review): the declared return type is bool, not a pointer;
    * presumably FALSE on TSS error and TRUE with the value stored in
    * pcr_value otherwise - confirm.
306 */
307 bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value);
308
309 /**
310 * Extends given PCR with given value
311 * Expects owner secret to be WELL_KNOWN_SECRET
312 *
313 * @param pcr_num Number of PCR to extend
314 * @param input Value to extend
315 * @param output Chunk to save PCR value after extension
316 * @return FALSE in case of TSS error, TRUE otherwise
317 */
318 bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input,
319 chunk_t *output);
320
321 /**
322 * Quote over PCR's
323 * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK
324 *
325 * @param use_quote2 Version of the Quote function to be used
326 * @param pcr_comp Chunk to save PCR composite structure
327 * @param quote_sig Chunk to save quote operation output
328 * without external data (anti-replay protection)
329 * @return FALSE in case of TSS error, TRUE otherwise
    *
    * NOTE(review): "without external data" is ambiguous. calculate_secret is
    * documented as producing the assessment secret used as ExternalData for
    * the quote, and that fresh value is what ties a quote to one session.
    * Confirm that the quote is taken over that secret and that the phrase
    * only describes the layout of quote_sig.
330 */
331 bool (*quote_tpm)(pts_t *this, bool use_quote2, chunk_t *pcr_comp,
332 chunk_t *quote_sig);
333
334 /**
335 * Mark an extended PCR as selected
336 *
337 * @param pcr Number of the extended PCR
338 * @return TRUE if PCR number is valid
    * (presumably below PCR_MAX_NUM - confirm)
339 */
340 bool (*select_pcr)(pts_t *this, u_int32_t pcr);
341
342 /**
343 * Add an extended PCR with its corresponding value
344 *
345 * @param pcr Number of the extended PCR
346 * @param pcr_before PCR value before extension
347 * @param pcr_after PCR value after extension
348 * @return TRUE if PCR number and register length is valid
    * (presumably pcr below PCR_MAX_NUM and both
    * chunks PCR_LEN bytes long - confirm)
349 */
350 bool (*add_pcr)(pts_t *this, u_int32_t pcr, chunk_t pcr_before,
351 chunk_t pcr_after);
352
353 /**
354 * Constructs and returns TPM Quote Info structure expected from IMC
355 *
356 * @param use_quote2 Version of the TPM_QUOTE_INFO to be constructed
357 * @param ver_info_included Version info is concatenated to TPM_QUOTE_INFO2
358 * @param comp_hash_algo Composite Hash Algorithm
359 * @param pcr_comp Output variable to store PCR Composite
360 * @param quote_info Output variable to store TPM Quote Info
361 * @return FALSE in case of any error, TRUE otherwise
362 */
363 bool (*get_quote_info)(pts_t *this, bool use_quote2, bool ver_info_included,
364 pts_meas_algorithms_t comp_hash_algo,
365 chunk_t *pcr_comp, chunk_t *quote_info);
366
367 /**
368 * Verifies the TPM Quote Signature received from the IMC over the
    * calculated TPM Quote Digest
369 *
370 * @param data Calculated TPM Quote Digest
371 * @param signature TPM Quote Signature received from IMC
372 * @return FALSE if signature is not verified
    *
    * NOTE(review): presumably verified with the key set via set_aik -
    * confirm. A FALSE result has to be treated as a failed attestation.
373 */
374 bool (*verify_quote_signature)(pts_t *this, chunk_t data, chunk_t signature);
375
376 /**
377 * Reads given PCR value and returns it
378 * Expects owner secret to be WELL_KNOWN_SECRET
379 *
380 * @param pcr_num Number of PCR to read
381 * @param pcr_value Chunk to save pcr read output
382 * @return NULL in case of TSS error, PCR value otherwise
    *
    * NOTE(review): duplicate declaration of read_pcr; the return type is
    * bool, so the NULL wording above cannot be literal.
383 */
384 bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value);
385
386 /**
387 * Extends given PCR with given value
388 * Expects owner secret to be WELL_KNOWN_SECRET
389 *
390 * @param pcr_num Number of PCR to extend
391 * @param input Value to extend
392 * @param output Chunk to save PCR value after extension
393 * @return FALSE in case of TSS error, TRUE otherwise
    *
    * NOTE(review): duplicate declaration of extend_pcr.
394 */
395 bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input,
396 chunk_t *output);
397
398 /**
399 * Quote over PCR's
400 * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK
401 *
402 * @param pcrs Array of PCR's to make quotation over
403 * @param num_of_pcrs Number of elements in pcrs array
404 * @param pcr_composite Chunk to save pcr composite structure
405 * @param quote_signature Chunk to save quote operation output
406 * without external data (anti-replay protection)
407 * @return FALSE in case of TSS error, TRUE otherwise
    *
    * NOTE(review): second declaration of quote_tpm with a different
    * signature (explicit PCR array instead of use_quote2). Only one of the
    * two can remain - confirm which one the implementation provides.
408 */
409 bool (*quote_tpm)(pts_t *this, u_int32_t *pcrs, u_int32_t num_of_pcrs,
410 chunk_t *pcr_composite, chunk_t *quote_signature);
411
412 /**
413 * Add extended PCR with its corresponding value
414 *
415 * @return FALSE in case of any error or non-match, TRUE otherwise
    *
    * NOTE(review): the declaration returns void, so the documented return
    * value does not exist. pcr_entry_t is not declared in this header;
    * presumably it comes from one of the includes or is a leftover of an
    * older interface - confirm.
416 */
417 void (*add_pcr_entry)(pts_t *this, pcr_entry_t *entry);
418
419 /**
420 * Constructs and returns TPM Quote Info structure expected from IMC
421 *
422 * @param pcr_composite Output variable to store PCR Composite
423 * @param quote_info Output variable to store TPM Quote Info
424 * @return FALSE in case of any error, TRUE otherwise
    *
    * NOTE(review): second declaration of get_quote_info with a different
    * signature (no use_quote2, ver_info_included or comp_hash_algo).
425 */
426 bool (*get_quote_info)(pts_t *this, chunk_t *pcr_composite,
427 chunk_t *quote_info);
428
429 /**
430 * Constructs and returns PCR Quote Digest structure expected from IMC
431 *
432 * @param data Calculated TPM Quote Digest
433 * @param signature TPM Quote Signature received from IMC
434 * @return FALSE in case signature is not verified, TRUE otherwise
    *
    * NOTE(review): duplicate declaration of verify_quote_signature. The
    * summary line describes constructing a digest, while the name and the
    * parameters describe verifying a signature over it.
435 */
436 bool (*verify_quote_signature)(pts_t *this, chunk_t data, chunk_t signature);
437
438 /**
439 * Destroys a pts_t object.
440 */
441 void (*destroy)(pts_t *this);
442
443 };
444
445 /**
446 * Creates a pts_t object
447 *
448 * @param is_imc TRUE if running on an IMC
    * @return pts_t object (presumably released with destroy();
    * whether NULL can be returned on failure is not
    * stated here - confirm)
449 */
450 pts_t* pts_create(bool is_imc);
451
452 #endif /** PTS_H_ @}*/
453