Loading AIK Blob from file configured
[strongswan.git] / src / libpts / pts / pts.h
1 /*
2 * Copyright (C) 2011 Sansar Choinyambuu
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup pts pts
18 * @{ @ingroup pts
19 */
20
21 #ifndef PTS_H_
22 #define PTS_H_
23
24 typedef struct pts_t pts_t;
25
26 #include "pts_error.h"
27 #include "pts_proto_caps.h"
28 #include "pts_meas_algo.h"
29 #include "pts_file_meas.h"
30 #include "pts_file_meta.h"
31 #include "pts_dh_group.h"
32
33 #include <library.h>
34 #include <utils/linked_list.h>
35
36 /**
37 * UTF-8 encoding of the character used to delimiter the filename
38 */
39 #define SOLIDUS_UTF 0x2F
40 #define REVERSE_SOLIDUS_UTF 0x5C
41
42 /**
43 * Length of the generated nonce used for calculation of shared secret
44 */
45 #define ASSESSMENT_SECRET_LEN 20
46
47 /**
48 * Maximum number of PCR's of TPM, TPM Spec 1.2
49 */
50 #define MAX_NUM_PCR 24
51
52 /**
53 * Number of bytes that can be saved in a PCR of TPM, TPM Spec 1.2
54 */
55 #define PCR_LEN 20
56
57 /**
58 * Class implementing the TCG Platform Trust Service (PTS)
59 *
60 */
61 struct pts_t {
62
63 /**
64 * Get PTS Protocol Capabilities
65 *
66 * @return Protocol capabilities flags
67 */
68 pts_proto_caps_flag_t (*get_proto_caps)(pts_t *this);
69
70 /**
71 * Set PTS Protocol Capabilities
72 *
73 * @param flags Protocol capabilities flags
74 */
75 void (*set_proto_caps)(pts_t *this, pts_proto_caps_flag_t flags);
76
77 /**
78 * Get PTS Measurement Algorithm
79 *
80 * @return PTS measurement algorithm
81 */
82 pts_meas_algorithms_t (*get_meas_algorithm)(pts_t *this);
83
84 /**
85 * Set PTS Measurement Algorithm
86 *
87 * @param algorithm PTS measurement algorithm
88 */
89 void (*set_meas_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);
90
91 /**
92 * Get DH Hash Algorithm
93 *
94 * @return DH hash algorithm
95 */
96 pts_meas_algorithms_t (*get_dh_hash_algorithm)(pts_t *this);
97
98 /**
99 * Set DH Hash Algorithm
100 *
101 * @param algorithm DH hash algorithm
102 */
103 void (*set_dh_hash_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);
104
105 /**
106 * Create PTS Diffie-Hellman object and nonce
107 *
108 * @param group PTS DH group
109 * @param nonce_len Nonce length
110 * @return TRUE if creation was successful
111 *
112 */
113 bool (*create_dh_nonce)(pts_t *this, pts_dh_group_t group, int nonce_len);
114
115 /**
116 * Get my Diffie-Hellman public value
117 *
118 * @param value My public DH value
119 * @param nonce My DH nonce
120 */
121 void (*get_my_public_value)(pts_t *this, chunk_t *value, chunk_t *nonce);
122
123 /**
124 * Set peer Diffie.Hellman public value
125 *
126 * @param value Peer public DH value
127 * @param nonce Peer DH nonce
128 */
129 void (*set_peer_public_value) (pts_t *this, chunk_t value, chunk_t nonce);
130
131 /**
132 * Calculates secret assessment value to be used for TPM Quote as ExternalData
133 *
134 * @return TRUE unless both DH public values
135 * and nonces are set
136 */
137 bool (*calculate_secret) (pts_t *this);
138
139 /**
140 * Get Platform and OS Info
141 *
142 * @return Platform and OS info
143 */
144 char* (*get_platform_info)(pts_t *this);
145
146 /**
147 * Set Platform and OS Info
148 *
149 * @param info Platform and OS info
150 */
151 void (*set_platform_info)(pts_t *this, char *info);
152
153 /**
154 * Get TPM 1.2 Version Info
155 *
156 * @param info chunk containing a TPM_CAP_VERSION_INFO struct
157 * @return TRUE if TPM Version Info available
158 */
159 bool (*get_tpm_version_info)(pts_t *this, chunk_t *info);
160
161 /**
162 * Set TPM 1.2 Version Info
163 *
164 * @param info chunk containing a TPM_CAP_VERSION_INFO struct
165 */
166 void (*set_tpm_version_info)(pts_t *this, chunk_t info);
167
168 /**
169 * Get Attestation Identity Certificate or Public Key
170 *
171 * @return AIK Certificate or Public Key
172 */
173 certificate_t* (*get_aik)(pts_t *this);
174
175 /**
176 * Set Attestation Identity Certificate or Public Key
177 *
178 * @param aik AIK Certificate or Public Key
179 */
180 void (*set_aik)(pts_t *this, certificate_t *aik);
181
182 /**
183 * Check whether path is valid file/directory on filesystem
184 *
185 * @param path Absolute path
186 * @param error_code Output variable for PTS error code
187 * @return TRUE if path is valid or file/directory
188 * doesn't exist or path is invalid
189 * FALSE if local error occured within stat function
190 */
191 bool (*is_path_valid)(pts_t *this, char *path, pts_error_code_t *error_code);
192
193 /**
194 * Compute a hash over a file
195 * @param hasher Hasher to be used
196 * @param pathname Absolute path of a file
197 * @param hash Buffer to keep hash output
198 * @return TRUE if path is valid and hashing succeeded
199 */
200 bool (*hash_file)(pts_t *this, hasher_t *hasher, char *pathname, u_char *hash);
201
202 /**
203 * Do PTS File Measurements
204 *
205 * @param request_id ID of PTS File Measurement Request
206 * @param pathname Absolute pathname of file to be measured
207 * @param is_directory TRUE if directory contents are measured
208 * @return PTS File Measurements of NULL if FAILED
209 */
210 pts_file_meas_t* (*do_measurements)(pts_t *this, u_int16_t request_id,
211 char *pathname, bool is_directory);
212
213 /**
214 * Obtain file metadata
215 *
216 * @param pathname Absolute pathname of file/directory
217 * @param is_directory TRUE if directory contents are requested
218 * @return PTS File Metadata or NULL if FAILED
219 */
220 pts_file_meta_t* (*get_metadata)(pts_t *this, char *pathname, bool is_directory);
221
222 /**
223 * Reads given PCR value and returns it
224 * Expects owner secret to be WELL_KNOWN_SECRET
225 *
226 * @param pcr_num Number of PCR to read
227 * @param pcr_value Chunk to save pcr read output
228 * @return NULL in case of TSS error, PCR value otherwise
229 */
230 bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value);
231
232 /**
233 * Extends given PCR with given value
234 * Expects owner secret to be WELL_KNOWN_SECRET
235 *
236 * @param pcr_num Number of PCR to extend
237 * @param input Value to extend
238 * @param output Chunk to save PCR value after extension
239 * @return FALSE in case of TSS error, TRUE otherwise
240 */
241 bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input, chunk_t *output);
242
243 /**
244 * Quote over PCR's
245 * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK
246 *
247 * @param pcrs Array of PCR's to make quotation over
248 * @param num_of_pcrs Number of elements in pcrs array
249 * @param pcr_composite Chunk to save pcr composite structure
250 * @param quote_signature Chunk to save quote operation output
251 * without external data (anti-replay protection)
252 * @return FALSE in case of TSS error, TRUE otherwise
253 */
254 bool (*quote_tpm)(pts_t *this, u_int32_t *pcrs, u_int32_t num_of_pcrs,
255 chunk_t *pcr_composite, chunk_t *quote_signature);
256
257 /**
258 * Destroys a pts_t object.
259 */
260 void (*destroy)(pts_t *this);
261
262 };
263
264 /**
265 * Creates an pts_t object
266 *
267 * @param is_imc TRUE if running on an IMC
268 */
269 pts_t* pts_create(bool is_imc);
270
271 #endif /** PTS_H_ @}*/