defined various measurement hash and pcr functions
[strongswan.git] / src / libpts / pts / pts.h
1 /*
2 * Copyright (C) 2011 Sansar Choinyambuu
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup pts pts
18 * @{ @ingroup pts
19 */
20
21 #ifndef PTS_H_
22 #define PTS_H_
23
24 typedef struct pts_t pts_t; /* forward declaration, presumably so the headers included below can refer to pts_t; struct pts_t itself is defined further down in this header */
25
26 #include "pts_error.h"
27 #include "pts_proto_caps.h"
28 #include "pts_meas_algo.h"
29 #include "pts_file_meas.h"
30 #include "pts_file_meta.h"
31 #include "pts_dh_group.h"
32 #include "pts_req_func_comp_evid.h"
33 #include "pts_simple_evid_final.h"
34 #include "components/pts_comp_func_name.h"
35 #include "components/tcg/tcg_comp_func_name.h"
36 #include "components/ita/ita_comp_func_name.h"
37 #include "components/ita/ita_comp_tboot.h"
38 #include "components/ita/ita_comp_tgrub.h"
39
40 #include <library.h>
41 #include <utils/linked_list.h>
42
43 /**
44 * UTF-8 encodings of the characters that can delimit a filename: solidus '/' (0x2F) and reverse solidus, i.e. backslash (0x5C)
45 */
46 #define SOLIDUS_UTF 0x2F
47 #define REVERSE_SOLIDUS_UTF 0x5C
48
49 /**
50 * PCR indices used for measurements of various functional components. Some names share a register: PCR_PLATFORM_EXT and PCR_MOTHERBOARD are both 1, PCR_IPL and PCR_TGRUB_MBR_STAGE1 are both 4, so measurements recorded under either name extend the same PCR.
51 */
52 #define PCR_BIOS 0
53 #define PCR_PLATFORM_EXT 1
54 #define PCR_MOTHERBOARD 1
55 #define PCR_OPTION_ROMS 2
56 #define PCR_IPL 4
57 /* registers named after tboot */
58 #define PCR_TBOOT_POLICY 17
59 #define PCR_TBOOT_MLE 18
60 /* registers named after TrustedGRUB (TGRUB) */
61 #define PCR_TGRUB_MBR_STAGE1 4
62 #define PCR_TGRUB_STAGE2_PART1 8
63 #define PCR_TGRUB_STAGE2_PART2 9
64 #define PCR_TGRUB_CMD_LINE_ARGS 12
65 #define PCR_TGRUB_CHECKFILE 13
66 #define PCR_TGRUB_LOADED_FILES 14
67 /* NOTE(review): on TCG PC Client platforms PCR 16 is the debug register and can typically be reset - confirm it is used for testing only and never relied on as attestation evidence */
68 #define PCR_DEBUG 16
69
70 /**
71 * Length of the generated nonce used for calculation of shared secret (NOTE(review): presumably in bytes; 20 matches the size of a SHA-1 digest and of a TPM 1.2 nonce - confirm)
72 */
73 #define ASSESSMENT_SECRET_LEN 20
74
75 /**
76 * Length of the TPM_QUOTE_INFO structure, TPM Spec 1.2 (48 bytes: 4-byte version, 4-byte fixed tag, 20-byte PCR composite digest, 20-byte external data)
77 */
78 #define TPM_QUOTE_INFO_LEN 48
79
80 /**
81 * Hashing algorithm used by tboot and trustedGRUB. NOTE(review): SHA-1 is presumably fixed here because TPM 1.2 PCRs only hold SHA-1 digests; it is no longer considered collision resistant, so read this as a compatibility constraint and not as a general-purpose choice - confirm.
82 */
83 #define TRUSTED_HASH_ALGO PTS_MEAS_ALGO_SHA1
84
85 /**
86 * Class implementing the TCG Platform Trust Service (PTS) as a table of function pointers; each method receives the object itself as its first argument
87 * NOTE(review): create_dh_nonce, get_my_public_value, set_peer_public_value, calculate_secret, read_pcr, extend_pcr, quote_tpm, get_quote_info and verify_quote_signature are each declared twice in this struct, quote_tpm and get_quote_info with differing parameter lists; C does not allow duplicate member names, so one declaration of each has to go - confirm which set is current
88 */
89 struct pts_t {
90
91 /**
92 * Get PTS Protocol Capabilities
93 *
94 * @return Protocol capabilities flags
95 */
96 pts_proto_caps_flag_t (*get_proto_caps)(pts_t *this);
97
98 /**
99 * Set PTS Protocol Capabilities
100 *
101 * @param flags Protocol capabilities flags
102 */
103 void (*set_proto_caps)(pts_t *this, pts_proto_caps_flag_t flags);
104
105 /**
106 * Get PTS Measurement Algorithm
107 *
108 * @return PTS measurement algorithm
109 */
110 pts_meas_algorithms_t (*get_meas_algorithm)(pts_t *this);
111
112 /**
113 * Set PTS Measurement Algorithm
114 *
115 * @param algorithm PTS measurement algorithm
116 */
117 void (*set_meas_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);
118
119 /**
120 * Get DH Hash Algorithm
121 *
122 * @return DH hash algorithm
123 */
124 pts_meas_algorithms_t (*get_dh_hash_algorithm)(pts_t *this);
125
126 /**
127 * Set DH Hash Algorithm
128 *
129 * @param algorithm DH hash algorithm
130 */
131 void (*set_dh_hash_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);
132
133 /**
134 * Create PTS Diffie-Hellman object and nonce
135 *
136 * @param group PTS DH group
137 * @param nonce_len Nonce length (a signed int here; NOTE(review): implementations should presumably reject values <= 0 - confirm)
138 * @return TRUE if creation was successful
139 *
140 */
141 bool (*create_dh_nonce)(pts_t *this, pts_dh_group_t group, int nonce_len);
142
143 /**
144 * Get my Diffie-Hellman public value
145 *
146 * @param value My public DH value
147 * @param nonce My DH nonce
148 */
149 void (*get_my_public_value)(pts_t *this, chunk_t *value, chunk_t *nonce);
150
151 /**
152 * Set peer Diffie-Hellman public value
153 *
154 * @param value Peer public DH value (supplied by the peer, so to be treated as untrusted input)
155 * @param nonce Peer DH nonce
156 */
157 void (*set_peer_public_value) (pts_t *this, chunk_t value, chunk_t nonce);
158
159 /**
160 * Calculates assessment secret to be used for TPM Quote as ExternalData
161 *
162 * @return TRUE unless both DH public values
163 * and nonces are set (NOTE(review): this wording reads inverted; presumably TRUE is returned only when both public values and nonces are set - confirm against the implementation)
164 */
165 bool (*calculate_secret) (pts_t *this);
166
167 /**
168 * Set PTS Diffie Hellman Object
169 * NOTE(review): this is a second declaration of create_dh_nonce, and the comment does not describe it (there is no dh parameter); leftover to be removed or reconciled - confirm
170 * @param dh D-H object
171 */
172 bool (*create_dh_nonce)(pts_t *this, pts_dh_group_t group, int nonce_len);
173
174 /**
175 * Get my Diffie-Hellman public value
176 * NOTE(review): duplicate of the get_my_public_value declaration above
177 * @param value My public DH value
178 * @param nonce My DH nonce
179 */
180 void (*get_my_public_value)(pts_t *this, chunk_t *value, chunk_t *nonce);
181
182 /**
183 * Set peer Diffie-Hellman public value
184 * NOTE(review): duplicate of the set_peer_public_value declaration above
185 * @param value Peer public DH value
186 * @param nonce Peer DH nonce
187 */
188 void (*set_peer_public_value) (pts_t *this, chunk_t value, chunk_t nonce);
189
190 /**
191 * Calculates secret assessment value to be used for TPM Quote as ExternalData
192 * NOTE(review): duplicate of the calculate_secret declaration above, with the same inverted-sounding return text
193 * @return TRUE unless both DH public values
194 * and nonces are set
195 */
196 bool (*calculate_secret) (pts_t *this);
197
198 /**
199 * Get Platform and OS Info
200 *
201 * @return Platform and OS info
202 */
203 char* (*get_platform_info)(pts_t *this);
204
205 /**
206 * Set Platform and OS Info
207 *
208 * @param info Platform and OS info
209 */
210 void (*set_platform_info)(pts_t *this, char *info);
211
212 /**
213 * Get TPM 1.2 Version Info
214 *
215 * @param info chunk containing a TPM_CAP_VERSION_INFO struct
216 * @return TRUE if TPM Version Info available
217 */
218 bool (*get_tpm_version_info)(pts_t *this, chunk_t *info);
219
220 /**
221 * Set TPM 1.2 Version Info
222 *
223 * @param info chunk containing a TPM_CAP_VERSION_INFO struct
224 */
225 void (*set_tpm_version_info)(pts_t *this, chunk_t info);
226
227 /**
228 * Get the length of the TPM PCR registers
229 *
230 * @return Length of PCR registers in bytes, 0 if undefined
231 */
232 size_t (*get_pcr_len)(pts_t *this);
233
234 /**
235 * Get Attestation Identity Certificate or Public Key
236 *
237 * @return AIK Certificate or Public Key
238 */
239 certificate_t* (*get_aik)(pts_t *this);
240
241 /**
242 * Set Attestation Identity Certificate or Public Key
243 *
244 * @param aik AIK Certificate or Public Key
245 */
246 void (*set_aik)(pts_t *this, certificate_t *aik);
247
248 /**
249 * Check whether path is valid file/directory on filesystem
250 * The boolean result only says whether the check itself could be carried out: as documented below, TRUE is also returned for a missing or invalid path, so callers have to inspect error_code before using the path.
251 * @param path Absolute path
252 * @param error_code Output variable for PTS error code
253 * @return TRUE if path is valid, or if the file/directory
254 * doesn't exist or the path is invalid
255 * FALSE if a local error occurred within the stat function
256 */
257 bool (*is_path_valid)(pts_t *this, char *path, pts_error_code_t *error_code);
258
259 /**
260 * Compute a hash over a file
261 *
262 * @param hasher Hasher to be used
263 * @param pathname Absolute path of a file
264 * @param hash Buffer to keep hash output; no length is passed, so the caller has to provide a buffer at least as large as the digest size of hasher
265 * @return TRUE if path is valid and hashing succeeded
266 */
267 bool (*hash_file)(pts_t *this, hasher_t *hasher, char *pathname, u_char *hash);
268
269 /**
270 * Do PTS File Measurements
271 *
272 * @param request_id ID of PTS File Measurement Request
273 * @param pathname Absolute pathname of file to be measured (NOTE(review): presumably originates from the measurement request identified by request_id, i.e. from the remote side - confirm it is validated before use)
274 * @param is_directory TRUE if directory contents are measured
275 * @return PTS File Measurements or NULL if FAILED
276 */
277 pts_file_meas_t* (*do_measurements)(pts_t *this, u_int16_t request_id,
278 char *pathname, bool is_directory);
279
280 /**
281 * Obtain file metadata
282 *
283 * @param pathname Absolute pathname of file/directory
284 * @param is_directory TRUE if directory contents are requested
285 * @return PTS File Metadata or NULL if FAILED
286 */
287 pts_file_meta_t* (*get_metadata)(pts_t *this, char *pathname,
288 bool is_directory);
289
290 /**
291 * Reads given PCR value and returns it
292 * Expects owner secret to be WELL_KNOWN_SECRET
293 *
294 * @param pcr_num Number of PCR to read
295 * @param pcr_value Chunk to save pcr read output
296 * @return NULL in case of TSS error, PCR value otherwise (NOTE(review): the member is declared bool; presumably FALSE on TSS error and TRUE otherwise, with the value stored in pcr_value - confirm)
297 */
298 bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value);
299
300 /**
301 * Extends given PCR with given value
302 * Expects owner secret to be WELL_KNOWN_SECRET
303 *
304 * @param pcr_num Number of PCR to extend
305 * @param input Value to extend
306 * @param output Chunk to save PCR value after extension
307 * @return FALSE in case of TSS error, TRUE otherwise
308 */
309 bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input,
310 chunk_t *output);
311
312 /**
313 * Quote over PCR's
314 * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK (i.e. the keys carry no usage secret of their own; NOTE(review): access to the TPM on the measured host then has to be restricted by other means - confirm deployment assumption)
315 *
316 * @param use_quote2 Version of the Quote function to be used (presumably TRUE selects Quote2)
317 * @param pcr_comp Chunk to save PCR composite structure
318 * @param quote_sig Chunk to save quote operation output
319 * without external data (the external data is the anti-replay value, see calculate_secret)
320 * @return FALSE in case of TSS error, TRUE otherwise
321 */
322 bool (*quote_tpm)(pts_t *this, bool use_quote2, chunk_t *pcr_comp,
323 chunk_t *quote_sig);
324
325 /**
326 * Mark an extended PCR as selected
327 *
328 * @param pcr Number of the extended PCR
329 * @return TRUE if PCR number is valid
330 */
331 bool (*select_pcr)(pts_t *this, u_int32_t pcr);
332
333 /**
334 * Add an extended PCR with its corresponding value
335 *
336 * @param pcr Number of the extended PCR
337 * @param pcr_before PCR value before extension
338 * @param pcr_after PCR value after extension
339 * @return TRUE if PCR number and register length is valid
340 */
341 bool (*add_pcr)(pts_t *this, u_int32_t pcr, chunk_t pcr_before,
342 chunk_t pcr_after);
343
344 /**
345 * Constructs and returns TPM Quote Info structure expected from IMC
346 *
347 * @param use_quote2 Version of the TPM_QUOTE_INFO to be constructed
348 * @param ver_info_included Version info is concatenated to TPM_QUOTE_INFO2
349 * @param comp_hash_algo Composite Hash Algorithm
350 * @param pcr_comp Output variable to store PCR Composite
351 * @param quote_info Output variable to store TPM Quote Info
352 * @return FALSE in case of any error, TRUE otherwise
353 */
354 bool (*get_quote_info)(pts_t *this, bool use_quote2, bool ver_info_included,
355 pts_meas_algorithms_t comp_hash_algo,
356 chunk_t *pcr_comp, chunk_t *quote_info);
357
358 /**
359 * Verifies the TPM Quote Signature received from the IMC over the calculated TPM Quote Digest (presumably with the AIK set via set_aik - confirm)
360 *
361 * @param data Calculated TPM Quote Digest
362 * @param signature TPM Quote Signature received from IMC
363 * @return FALSE if signature is not verified
364 */
365 bool (*verify_quote_signature)(pts_t *this, chunk_t data, chunk_t signature);
366
367 /**
368 * Reads given PCR value and returns it
369 * Expects owner secret to be WELL_KNOWN_SECRET
370 * NOTE(review): duplicate of the read_pcr declaration above
371 * @param pcr_num Number of PCR to read
372 * @param pcr_value Chunk to save pcr read output
373 * @return NULL in case of TSS error, PCR value otherwise (NOTE(review): the member is declared bool; presumably FALSE on TSS error and TRUE otherwise - confirm)
374 */
375 bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value);
376
377 /**
378 * Extends given PCR with given value
379 * Expects owner secret to be WELL_KNOWN_SECRET
380 * NOTE(review): duplicate of the extend_pcr declaration above
381 * @param pcr_num Number of PCR to extend
382 * @param input Value to extend
383 * @param output Chunk to save PCR value after extension
384 * @return FALSE in case of TSS error, TRUE otherwise
385 */
386 bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input,
387 chunk_t *output);
388
389 /**
390 * Quote over PCR's
391 * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK
392 * NOTE(review): second quote_tpm declaration whose parameter list differs from the one above (PCR array and count here, use_quote2 flag there)
393 * @param pcrs Array of PCR's to make quotation over
394 * @param num_of_pcrs Number of elements in pcrs array
395 * @param pcr_composite Chunk to save pcr composite structure
396 * @param quote_signature Chunk to save quote operation output
397 * without external data (anti-replay protection)
398 * @return FALSE in case of TSS error, TRUE otherwise
399 */
400 bool (*quote_tpm)(pts_t *this, u_int32_t *pcrs, u_int32_t num_of_pcrs,
401 chunk_t *pcr_composite, chunk_t *quote_signature);
402
403 /**
404 * Add extended PCR with its corresponding value
405 * NOTE(review): pcr_entry_t is not declared in the visible part of this header; presumably it comes from an included header - confirm
406 * @return FALSE in case of any error or non-match, TRUE otherwise (NOTE(review): the member is declared void, so no such value can be returned - confirm the intended signature)
407 */
408 void (*add_pcr_entry)(pts_t *this, pcr_entry_t *entry);
409
410 /**
411 * Constructs and returns TPM Quote Info structure expected from IMC
412 * NOTE(review): second get_quote_info declaration whose parameter list differs from the one above
413 * @param pcr_composite Output variable to store PCR Composite
414 * @param quote_info Output variable to store TPM Quote Info
415 * @return FALSE in case of any error, TRUE otherwise
416 */
417 bool (*get_quote_info)(pts_t *this, chunk_t *pcr_composite,
418 chunk_t *quote_info);
419
420 /**
421 * Verifies the TPM Quote Signature received from the IMC over the calculated TPM Quote Digest
422 * NOTE(review): duplicate of the verify_quote_signature declaration above
423 * @param data Calculated TPM Quote Digest
424 * @param signature TPM Quote Signature received from IMC
425 * @return FALSE in case signature is not verified, TRUE otherwise
426 */
427 bool (*verify_quote_signature)(pts_t *this, chunk_t data, chunk_t signature);
428
429 /**
430 * Destroys a pts_t object.
431 */
432 void (*destroy)(pts_t *this);
433
434 };
435
436 /**
437 * Creates a pts_t object
438 * The caller presumably owns the returned object and releases it through its destroy() method - confirm; failure behaviour is not visible in this header.
439 * @param is_imc TRUE if running on an IMC
440 */
441 pts_t* pts_create(bool is_imc);
442
443 #endif /** PTS_H_ @}*/
444