1 /*
2 * Copyright (C) 2011 Sansar Choinyambuu
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup pts pts
18 * @{ @ingroup pts
19 */
20
21 #ifndef PTS_H_
22 #define PTS_H_
23
/*
 * Forward declaration of the PTS object type, placed ahead of the project
 * includes below. NOTE(review): presumably some of those headers refer to
 * pts_t in their own prototypes - confirm before moving this line.
 */
typedef struct pts_t pts_t;
25
26 #include "pts_error.h"
27 #include "pts_proto_caps.h"
28 #include "pts_meas_algo.h"
29 #include "pts_file_meas.h"
30 #include "pts_file_meta.h"
31 #include "pts_dh_group.h"
32 #include "pts_req_func_comp_evid.h"
33 #include "pts_simple_evid_final.h"
34 #include "components/pts_comp_func_name.h"
35
36 #include <library.h>
37 #include <utils/linked_list.h>
38
/**
 * UTF-8 encoding of the characters used to delimit filenames:
 * 0x2F is the solidus '/', 0x5C is the reverse solidus '\'.
 */
#define SOLIDUS_UTF				0x2F
#define REVERSE_SOLIDUS_UTF		0x5C
44
/**
 * PCR indices used for measurements of various functional components
 *
 * Several names share an index: PCR_PLATFORM_EXT and PCR_MOTHERBOARD are
 * both 1, PCR_IPL and PCR_TGRUB_MBR_STAGE1 are both 4. Code that switches
 * on these constants cannot tell the aliased names apart.
 */
#define PCR_BIOS						0
#define PCR_PLATFORM_EXT				1
#define PCR_MOTHERBOARD					1
#define PCR_OPTION_ROMS					2
#define PCR_IPL							4

/* PCRs extended by tboot (policy and measured launch environment) */
#define PCR_TBOOT_POLICY				17
#define PCR_TBOOT_MLE					18

/* PCRs extended by trustedGRUB */
#define PCR_TGRUB_MBR_STAGE1			4
#define PCR_TGRUB_STAGE2_PART1			8
#define PCR_TGRUB_STAGE2_PART2			9
#define PCR_TGRUB_CMD_LINE_ARGS			12
#define PCR_TGRUB_CHECKFILE				13
#define PCR_TGRUB_LOADED_FILES			14

/*
 * NOTE(review): on TPM 1.2 PC-client platforms PCR 16 is the debug PCR and
 * can be reset without a reboot, so its value should not carry any weight
 * in an attestation decision - confirm how the callers use it.
 */
#define PCR_DEBUG						16
65
/**
 * Length of the generated nonce used for calculation of shared secret
 *
 * NOTE(review): presumably a byte count; 20 equals the SHA-1 digest size and
 * the size of the externalData field of a TPM 1.2 quote - confirm that the
 * implementation truncates or pads the derived secret to exactly this length.
 */
#define ASSESSMENT_SECRET_LEN	20
70
/**
 * Length of the TPM_QUOTE_INFO structure, TPM Spec 1.2
 *
 * 48 bytes = 4 (version) + 4 (fixed "QUOT" tag) + 20 (composite digest)
 * + 20 (external data). A received or reconstructed quote info blob of any
 * other size does not have this layout.
 */
#define TPM_QUOTE_INFO_LEN		48
75
/**
 * Hashing algorithm used by tboot and trustedGRUB
 *
 * Fixed to SHA-1, which matches the 20-byte PCR width of a TPM 1.2. SHA-1 is
 * no longer collision resistant, so boot-chain measurements made with it
 * only detect modification by an attacker who cannot craft colliding
 * components; this is a limit of the platform, not something a caller of
 * this header can strengthen.
 */
#define TRUSTED_HASH_ALGO		PTS_MEAS_ALGO_SHA1
80
/**
 * Class implementing the TCG Platform Trust Service (PTS)
 *
 * The object is a table of function pointers; every method takes the object
 * itself as first argument. Instances are obtained from pts_create() and
 * released with destroy().
 */
struct pts_t {

	/**
	 * Get PTS Protocol Capabilities
	 *
	 * @return					Protocol capabilities flags
	 */
	pts_proto_caps_flag_t (*get_proto_caps)(pts_t *this);

	/**
	 * Set PTS Protocol Capabilities
	 *
	 * @param flags				Protocol capabilities flags
	 */
	void (*set_proto_caps)(pts_t *this, pts_proto_caps_flag_t flags);

	/**
	 * Get PTS Measurement Algorithm
	 *
	 * @return					PTS measurement algorithm
	 */
	pts_meas_algorithms_t (*get_meas_algorithm)(pts_t *this);

	/**
	 * Set PTS Measurement Algorithm
	 *
	 * @param algorithm			PTS measurement algorithm
	 */
	void (*set_meas_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);

	/**
	 * Get DH Hash Algorithm
	 *
	 * @return					DH hash algorithm
	 */
	pts_meas_algorithms_t (*get_dh_hash_algorithm)(pts_t *this);

	/**
	 * Set DH Hash Algorithm
	 *
	 * @param algorithm			DH hash algorithm
	 */
	void (*set_dh_hash_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);

	/**
	 * Create PTS Diffie-Hellman object and nonce
	 *
	 * @param group				PTS DH group
	 * @param nonce_len			Nonce length, chosen by the caller.
	 *							NOTE(review): the type is a signed int and this
	 *							header states no minimum - confirm that the
	 *							implementation rejects negative or too short
	 *							lengths.
	 * @return					TRUE if creation was successful
	 *
	 */
	bool (*create_dh_nonce)(pts_t *this, pts_dh_group_t group, int nonce_len);

	/**
	 * Get my Diffie-Hellman public value
	 *
	 * @param value				My public DH value
	 * @param nonce				My DH nonce
	 */
	void (*get_my_public_value)(pts_t *this, chunk_t *value, chunk_t *nonce);

	/**
	 * Set peer Diffie-Hellman public value
	 *
	 * Both arguments come from the peer. NOTE(review): this method returns
	 * void, so a rejected public value or nonce cannot be reported here -
	 * confirm where the implementation validates them.
	 *
	 * @param value				Peer public DH value
	 * @param nonce				Peer DH nonce
	 */
	void (*set_peer_public_value) (pts_t *this, chunk_t value, chunk_t nonce);

	/**
	 * Calculates assessment secret to be used for TPM Quote as ExternalData
	 *
	 * @return					TRUE on success. NOTE(review): the earlier
	 *							wording, "TRUE unless both DH public values and
	 *							nonces are set", reads inverted; presumably
	 *							FALSE is returned when a public value or nonce
	 *							is missing - confirm against the implementation.
	 */
	bool (*calculate_secret) (pts_t *this);

	/**
	 * Get Platform and OS Info
	 *
	 * @return					Platform and OS info
	 */
	char* (*get_platform_info)(pts_t *this);

	/**
	 * Set Platform and OS Info
	 *
	 * @param info				Platform and OS info
	 */
	void (*set_platform_info)(pts_t *this, char *info);

	/**
	 * Get TPM 1.2 Version Info
	 *
	 * @param info				chunk containing a TPM_CAP_VERSION_INFO struct
	 * @return					TRUE if TPM Version Info available
	 */
	bool (*get_tpm_version_info)(pts_t *this, chunk_t *info);

	/**
	 * Set TPM 1.2 Version Info
	 *
	 * @param info				chunk containing a TPM_CAP_VERSION_INFO struct
	 */
	void (*set_tpm_version_info)(pts_t *this, chunk_t info);

	/**
	 * Get the length of the TPM PCR registers
	 *
	 * @return					Length of PCR registers in bytes, 0 if undefined
	 */
	size_t (*get_pcr_len)(pts_t *this);

	/**
	 * Get Attestation Identity Certificate or Public Key
	 *
	 * @return					AIK Certificate or Public Key
	 */
	certificate_t* (*get_aik)(pts_t *this);

	/**
	 * Set Attestation Identity Certificate or Public Key
	 *
	 * NOTE(review): nothing in this header says whether the AIK is checked
	 * for trust when it is stored; a quote signature that verifies under an
	 * unvalidated AIK proves nothing about the platform - confirm where the
	 * trust decision is made.
	 *
	 * @param aik				AIK Certificate or Public Key
	 */
	void (*set_aik)(pts_t *this, certificate_t *aik);

	/**
	 * Get SHA-1 Attestation Identity Public Key Info ID
	 *
	 * @param keyid				AIK ID
	 * @return					TRUE if AIK ID exists
	 */
	bool (*get_aik_keyid)(pts_t *this, chunk_t *keyid);

	/**
	 * Check whether path is valid file/directory on filesystem
	 *
	 * A TRUE return does not by itself mean the path is usable: per the
	 * return description below it also covers a missing file/directory and
	 * an invalid path, so the caller has to inspect error_code to tell the
	 * cases apart.
	 *
	 * @param path				Absolute path
	 * @param error_code		Output variable for PTS error code
	 * @return					TRUE if path is valid or file/directory
	 *							doesn't exist or path is invalid
	 * 						FALSE if local error occurred within stat function
	 */
	bool (*is_path_valid)(pts_t *this, char *path, pts_error_code_t *error_code);

	/**
	 * Compute a hash over a file
	 *
	 * No buffer length is passed: the caller must supply a hash buffer at
	 * least as large as the digest size of the given hasher.
	 *
	 * @param hasher			Hasher to be used
	 * @param pathname			Absolute path of a file
	 * @param hash				Buffer to keep hash output
	 * @return					TRUE if path is valid and hashing succeeded
	 */
	bool (*hash_file)(pts_t *this, hasher_t *hasher, char *pathname, u_char *hash);

	/**
	 * Do PTS File Measurements
	 *
	 * NOTE(review): if pathname is taken from the peer's measurement request,
	 * it is untrusted input naming local files to be read and hashed -
	 * confirm that the caller runs is_path_valid() and any policy check first.
	 *
	 * @param request_id		ID of PTS File Measurement Request
	 * @param pathname			Absolute pathname of file to be measured
	 * @param is_directory		TRUE if directory contents are measured
	 * @return					PTS File Measurements or NULL if FAILED
	 */
	pts_file_meas_t* (*do_measurements)(pts_t *this, u_int16_t request_id,
										char *pathname, bool is_directory);

	/**
	 * Obtain file metadata
	 *
	 * @param pathname			Absolute pathname of file/directory
	 * @param is_directory		TRUE if directory contents are requested
	 * @return					PTS File Metadata or NULL if FAILED
	 */
	pts_file_meta_t* (*get_metadata)(pts_t *this, char *pathname,
									 bool is_directory);

	/**
	 * Reads given PCR value and returns it
	 * Expects owner secret to be WELL_KNOWN_SECRET
	 *
	 * @param pcr_num			Number of PCR to read
	 * @param pcr_value			Chunk to save pcr read output
	 * @return					FALSE in case of TSS error, TRUE otherwise; the
	 *							declared return type is bool and the PCR value
	 *							is delivered through pcr_value (the earlier
	 *							text spoke of NULL / PCR value)
	 */
	bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value);

	/**
	 * Extends given PCR with given value
	 * Expects owner secret to be WELL_KNOWN_SECRET
	 *
	 * @param pcr_num			Number of PCR to extend
	 * @param input				Value to extend
	 * @param output			Chunk to save PCR value after extension
	 * @return					FALSE in case of TSS error, TRUE otherwise
	 */
	bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input,
					   chunk_t *output);

	/**
	 * Quote over PCR's
	 * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK
	 *
	 * Deployment caveat: with well-known owner/SRK authorization and an AIK
	 * without password, the TPM does not restrict which local software may
	 * request a quote; that has to be enforced by access control on the
	 * host.
	 *
	 * @param use_quote2		Version of the Quote function to be used
	 * @param pcr_comp			Chunk to save PCR composite structure
	 * @param quote_sig			Chunk to save quote operation output
	 *							without external data (anti-replay protection)
	 * @return					FALSE in case of TSS error, TRUE otherwise
	 */
	 bool (*quote_tpm)(pts_t *this, bool use_quote2, chunk_t *pcr_comp,
	 												 chunk_t *quote_sig);

	/**
	 * Mark an extended PCR as selected
	 *
	 * @param pcr				Number of the extended PCR
	 * @return					TRUE if PCR number is valid
	 */
	bool (*select_pcr)(pts_t *this, u_int32_t pcr);

	/**
	 * Add an extended PCR with its corresponding value
	 *
	 * @param pcr				Number of the extended PCR
	 * @param pcr_before		PCR value before extension
	 * @param pcr_after			PCR value after extension
	 * @return					TRUE if PCR number and register length is valid
	 */
	bool (*add_pcr)(pts_t *this, u_int32_t pcr, chunk_t pcr_before,
					chunk_t pcr_after);

	/**
	 * Constructs and returns TPM Quote Info structure expected from IMC
	 *
	 * @param use_quote2		Version of the TPM_QUOTE_INFO to be constructed
	 * @param ver_info_included	Version info is concatenated to TPM_QUOTE_INFO2
	 * @param comp_hash_algo	Composite Hash Algorithm
	 * @param pcr_comp			Output variable to store PCR Composite
	 * @param quote_info		Output variable to store TPM Quote Info
	 * @return					FALSE in case of any error, TRUE otherwise
	 */
	 bool (*get_quote_info)(pts_t *this, bool use_quote2, bool ver_info_included,
	 						pts_meas_algorithms_t comp_hash_algo,
							chunk_t *pcr_comp, chunk_t *quote_info);

	/**
	 * Verifies the TPM Quote signature received from the IMC over the
	 * calculated quote digest
	 *
	 * NOTE(review): presumably the signature is checked with the AIK stored
	 * via set_aik(); the result is only meaningful if that AIK is trusted -
	 * confirm against the implementation.
	 *
	 * @param data				Calculated TPM Quote Digest
	 * @param signature			TPM Quote Signature received from IMC
	 * @return					FALSE if signature is not verified
	 */
	 bool (*verify_quote_signature)(pts_t *this, chunk_t data, chunk_t signature);

	/**
	 * Destroys a pts_t object.
	 */
	void (*destroy)(pts_t *this);

};
345
/**
 * Creates a pts_t object
 *
 * @param is_imc			TRUE if running on an IMC
 * @return					the new pts_t object, to be released with its
 *							destroy() method. NOTE(review): this header does
 *							not say whether NULL can be returned - confirm
 *							before dereferencing unchecked.
 */
pts_t* pts_create(bool is_imc);
352
353 #endif /** PTS_H_ @}*/