1 /*
2 * Copyright (C) 2011 Sansar Choinyambuu
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup pts pts
18 * @{ @ingroup pts
19 */
20
21 #ifndef PTS_H_
22 #define PTS_H_
23
24 typedef struct pts_t pts_t;
25 typedef struct pcr_entry_t pcr_entry_t;
26
27 #include "pts_error.h"
28 #include "pts_proto_caps.h"
29 #include "pts_meas_algo.h"
30 #include "pts_file_meas.h"
31 #include "pts_file_meta.h"
32 #include "pts_dh_group.h"
33 #include "pts_funct_comp_evid_req.h"
34
35 #include <library.h>
36 #include <utils/linked_list.h>
37
/**
 * Code points (identical in ASCII and UTF-8) of the two characters that can
 * delimit the components of a filename: '/' and '\'.
 */
#define SOLIDUS_UTF				0x2F
#define REVERSE_SOLIDUS_UTF		0x5C

/**
 * PCR indices used for measurements of various functional components.
 *
 * Several names deliberately share an index (PCR 1 and PCR 4 below), so these
 * constants identify a register, not a unique component.
 */
#define PCR_BIOS					0
#define PCR_PLATFORM_EXT			1
#define PCR_MOTHERBOARD				1
#define PCR_OPTION_ROMS				2
#define PCR_IPL						4

/* PCRs written by tboot */
#define PCR_TBOOT_POLICY			17
#define PCR_TBOOT_MLE				18

/* PCRs written by trustedGRUB */
#define PCR_TGRUB_MBR_STAGE1		4
#define PCR_TGRUB_STAGE2_PART1		8
#define PCR_TGRUB_STAGE2_PART2		9
#define PCR_TGRUB_CMD_LINE_ARGS		12
#define PCR_TGRUB_CHECKFILE			13
#define PCR_TGRUB_LOADED_FILES		14

/* Labels for the two tboot PCRs */
#define TBOOT_POLICY_STR (const char *)("tboot_pcr17")
#define TBOOT_MLE_STR (const char *)("tboot_pcr18")

/**
 * Length in bytes of the generated nonce used for calculation of the shared
 * (assessment) secret
 */
#define ASSESSMENT_SECRET_LEN		20

/**
 * Maximum number of PCRs of a TPM, TPM Spec 1.2.
 *
 * NOTE(review): presumably the upper bound for any pcr_num handled by this
 * module; nothing in this header enforces it, so consumers should check PCR
 * indices against it before using them.
 */
#define MAX_NUM_PCR					24

/**
 * Number of bytes that can be saved in a PCR of a TPM, TPM Spec 1.2
 * (the size of a SHA-1 digest)
 */
#define PCR_LEN						20

/**
 * Length in bytes of the TPM_QUOTE_INFO structure, TPM Spec 1.2
 */
#define TPM_QUOTE_INFO_LEN			48

/**
 * Hashing algorithm used by tboot and trustedGRUB.
 *
 * SHA-1 is dictated by the 20-byte PCRs of TPM 1.2 rather than chosen here;
 * it is no longer considered collision resistant, which limits the assurance
 * these boot measurements can give.
 */
#define TRUSTED_HASH_ALGO			PTS_MEAS_ALGO_SHA1
90
/**
 * PCR entry: a PCR number together with the current value of that register
 */
struct pcr_entry_t {
	/*
	 * Index of the PCR.
	 * NOTE(review): not bounded by the type; consumers should check it
	 * against MAX_NUM_PCR before using it as an index.
	 */
	u_int32_t pcr_number;

	/* Raw register content, exactly PCR_LEN bytes; not a NUL-terminated string */
	char pcr_value[PCR_LEN];
};
98
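/**
 * Class implementing the TCG Platform Trust Service (PTS)
 *
 * Each member is declared exactly once. A struct cannot declare the same
 * member name twice, so repeated declarations of the Diffie-Hellman and
 * PCR/quote members make the header fail to compile.
 */
struct pts_t {

	/**
	 * Get PTS Protocol Capabilities
	 *
	 * @return					Protocol capabilities flags
	 */
	pts_proto_caps_flag_t (*get_proto_caps)(pts_t *this);

	/**
	 * Set PTS Protocol Capabilities
	 *
	 * @param flags				Protocol capabilities flags
	 */
	void (*set_proto_caps)(pts_t *this, pts_proto_caps_flag_t flags);

	/**
	 * Get PTS Measurement Algorithm
	 *
	 * @return					PTS measurement algorithm
	 */
	pts_meas_algorithms_t (*get_meas_algorithm)(pts_t *this);

	/**
	 * Set PTS Measurement Algorithm
	 *
	 * @param algorithm			PTS measurement algorithm
	 */
	void (*set_meas_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);

	/**
	 * Get DH Hash Algorithm
	 *
	 * @return					DH hash algorithm
	 */
	pts_meas_algorithms_t (*get_dh_hash_algorithm)(pts_t *this);

	/**
	 * Set DH Hash Algorithm
	 *
	 * @param algorithm			DH hash algorithm
	 */
	void (*set_dh_hash_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);

	/**
	 * Create PTS Diffie-Hellman object and nonce
	 *
	 * @param group				PTS DH group
	 * @param nonce_len			Nonce length
	 * @return					TRUE if creation was successful
	 *
	 * NOTE(review): nonce_len is a signed int; implementations should reject
	 * zero and negative lengths before allocating or generating the nonce.
	 */
	bool (*create_dh_nonce)(pts_t *this, pts_dh_group_t group, int nonce_len);

	/**
	 * Get my Diffie-Hellman public value
	 *
	 * @param value				My public DH value
	 * @param nonce				My DH nonce
	 */
	void (*get_my_public_value)(pts_t *this, chunk_t *value, chunk_t *nonce);

	/**
	 * Set peer Diffie-Hellman public value
	 *
	 * @param value				Peer public DH value
	 * @param nonce				Peer DH nonce
	 */
	void (*set_peer_public_value) (pts_t *this, chunk_t value, chunk_t nonce);

	/**
	 * Calculates assessment secret to be used for TPM Quote as ExternalData
	 *
	 * @return					TRUE on success
	 *
	 * NOTE(review): the earlier wording was "TRUE unless both DH public values
	 * and nonces are set", which reads as inverted; presumably the call fails
	 * (FALSE) unless both public values and both nonces have been set. Confirm
	 * against the implementation.
	 */
	bool (*calculate_secret) (pts_t *this);

	/**
	 * Get Platform and OS Info
	 *
	 * @return					Platform and OS info
	 */
	char* (*get_platform_info)(pts_t *this);

	/**
	 * Set Platform and OS Info
	 *
	 * @param info				Platform and OS info
	 */
	void (*set_platform_info)(pts_t *this, char *info);

	/**
	 * Get TPM 1.2 Version Info
	 *
	 * @param info				chunk containing a TPM_CAP_VERSION_INFO struct
	 * @return					TRUE if TPM Version Info available
	 */
	bool (*get_tpm_version_info)(pts_t *this, chunk_t *info);

	/**
	 * Set TPM 1.2 Version Info
	 *
	 * @param info				chunk containing a TPM_CAP_VERSION_INFO struct
	 */
	void (*set_tpm_version_info)(pts_t *this, chunk_t info);

	/**
	 * Get Attestation Identity Certificate or Public Key
	 *
	 * @return					AIK Certificate or Public Key
	 */
	certificate_t* (*get_aik)(pts_t *this);

	/**
	 * Set Attestation Identity Certificate or Public Key
	 *
	 * @param aik				AIK Certificate or Public Key
	 */
	void (*set_aik)(pts_t *this, certificate_t *aik);

	/**
	 * Check whether path is valid file/directory on filesystem
	 *
	 * The return value only reports whether the check itself could be carried
	 * out: TRUE is also returned for a missing or invalid path. Callers must
	 * inspect error_code to learn whether the path is usable.
	 *
	 * @param path				Absolute path
	 * @param error_code		Output variable for PTS error code
	 * @return					TRUE if path is valid or file/directory
	 *							doesn't exist or path is invalid
	 *							FALSE if local error occurred within stat function
	 */
	bool (*is_path_valid)(pts_t *this, char *path, pts_error_code_t *error_code);

	/**
	 * Compute a hash over a file
	 *
	 * @param hasher			Hasher to be used
	 * @param pathname			Absolute path of a file
	 * @param hash				Buffer to keep hash output
	 * @return					TRUE if path is valid and hashing succeeded
	 *
	 * NOTE(review): no buffer length is passed, so the caller presumably has to
	 * provide a buffer at least as large as the digest of the given hasher.
	 */
	bool (*hash_file)(pts_t *this, hasher_t *hasher, char *pathname, u_char *hash);

	/**
	 * Do PTS File Measurements
	 *
	 * @param request_id		ID of PTS File Measurement Request
	 * @param pathname			Absolute pathname of file to be measured
	 * @param is_directory		TRUE if directory contents are measured
	 * @return					PTS File Measurements or NULL if FAILED
	 */
	pts_file_meas_t* (*do_measurements)(pts_t *this, u_int16_t request_id,
										char *pathname, bool is_directory);

	/**
	 * Obtain file metadata
	 *
	 * @param pathname			Absolute pathname of file/directory
	 * @param is_directory		TRUE if directory contents are requested
	 * @return					PTS File Metadata or NULL if FAILED
	 */
	pts_file_meta_t* (*get_metadata)(pts_t *this, char *pathname,
									 bool is_directory);

	/**
	 * Reads given PCR value and returns it
	 * Expects owner secret to be WELL_KNOWN_SECRET
	 *
	 * @param pcr_num			Number of PCR to read
	 * @param pcr_value			Chunk to save pcr read output
	 * @return					boolean status; the PCR value is returned
	 *							through pcr_value
	 *
	 * NOTE(review): the earlier wording was "NULL in case of TSS error, PCR
	 * value otherwise", which does not fit a bool return; presumably FALSE in
	 * case of TSS error and TRUE otherwise, as for extend_pcr(). Confirm.
	 */
	bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value);

	/**
	 * Extends given PCR with given value
	 * Expects owner secret to be WELL_KNOWN_SECRET
	 *
	 * @param pcr_num			Number of PCR to extend
	 * @param input				Value to extend
	 * @param output			Chunk to save PCR value after extension
	 * @return					FALSE in case of TSS error, TRUE otherwise
	 */
	bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input,
					   chunk_t *output);

	/**
	 * Quote over PCR's
	 * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK
	 *
	 * With well-known secrets and no AIK password, TPM authorization is not an
	 * access control here; who may request a quote depends on who can reach
	 * the TPM on the platform.
	 *
	 * @param use_quote2		Version of the Quote function to be used
	 * @param pcrs				Array of PCR's to make quotation over
	 * @param num_of_pcrs		Number of elements in pcrs array
	 * @param pcr_composite		Chunk to save pcr composite structure
	 * @param quote_signature	Chunk to save quote operation output
	 *							without external data (anti-replay protection)
	 * @return					FALSE in case of TSS error, TRUE otherwise
	 *
	 * NOTE(review): calculate_secret() documents the assessment secret as the
	 * ExternalData of the TPM Quote; a verifier has to bind the quote to the
	 * secret of the current session to get the anti-replay property.
	 *
	 * NOTE(review): a narrower declaration without use_quote2 cannot coexist
	 * with this one, because a struct cannot declare the same member twice;
	 * this one, which the visible documentation describes, is the one
	 * declared. Confirm it matches the implementation.
	 */
	bool (*quote_tpm)(pts_t *this, bool use_quote2,
					  u_int32_t *pcrs, u_int32_t num_of_pcrs,
					  chunk_t *pcr_composite, chunk_t *quote_signature);

	/**
	 * Add extended PCR with its corresponding value
	 *
	 * @param entry				PCR entry (PCR number and value) to add
	 *
	 * NOTE(review): the earlier wording documented a FALSE/TRUE return value,
	 * but the member returns void, so an error or non-match cannot be reported
	 * to the caller.
	 */
	void (*add_pcr_entry)(pts_t *this, pcr_entry_t *entry);

	/**
	 * Constructs and returns TPM Quote Info structure expected from IMC
	 *
	 * @param use_quote2		Version of the TPM_QUOTE_INFO to be constructed
	 * @param ver_info_included	Version info is concatenated to TPM_QUOTE_INFO2
	 * @param composite_algo	presumably the hash algorithm applied to the
	 *							PCR composite; not documented - TODO confirm
	 * @param pcr_composite		Output variable to store PCR Composite
	 * @param quote_info		Output variable to store TPM Quote Info
	 * @return					FALSE in case of any error, TRUE otherwise
	 *
	 * NOTE(review): a two-argument declaration (pcr_composite, quote_info)
	 * cannot coexist with this one; the wider one is the one declared.
	 * Confirm it matches the implementation.
	 */
	bool (*get_quote_info)(pts_t *this, bool use_quote2, bool ver_info_included,
						   pts_meas_algorithms_t composite_algo,
						   chunk_t *pcr_composite, chunk_t *quote_info);

	/**
	 * Verifies the TPM Quote Signature received from the IMC over the
	 * calculated TPM Quote Digest
	 *
	 * @param data				Calculated TPM Quote Digest
	 * @param signature			TPM Quote Signature received from IMC
	 * @return					FALSE in case signature is not verified, TRUE otherwise
	 *
	 * NOTE(review): presumably verified with the AIK set through set_aik();
	 * the attestation result is only as trustworthy as that key, so confirm
	 * how the AIK is validated before it is set.
	 */
	bool (*verify_quote_signature)(pts_t *this, chunk_t data, chunk_t signature);

	/**
	 * Destroys a pts_t object.
	 */
	void (*destroy)(pts_t *this);

};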
432
/**
 * Creates a pts_t object
 *
 * @param is_imc			TRUE if running on an IMC
 * @return					the created pts_t object
 *
 * NOTE(review): this header does not show what is returned on failure, nor
 * what is_imc switches on or off - check the implementation.
 */
pts_t *pts_create(bool is_imc);
439
440 #endif /** PTS_H_ @}*/
441