79e33016e5116438556e17184f1028ab5ac3063d
[strongswan.git] / src / libpts / pts / pts.h
1 /*
2 * Copyright (C) 2011 Sansar Choinyambuu
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup pts pts
18 * @{ @ingroup pts
19 */
20
21 #ifndef PTS_H_
22 #define PTS_H_
23
24 typedef struct pts_t pts_t;
25 typedef struct pcr_entry_t pcr_entry_t;
26
27 #include "pts_error.h"
28 #include "pts_proto_caps.h"
29 #include "pts_meas_algo.h"
30 #include "pts_file_meas.h"
31 #include "pts_file_meta.h"
32 #include "pts_dh_group.h"
33
34 #include <library.h>
35 #include <utils/linked_list.h>
36
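/**
 * UTF-8 encoding of the characters used to delimit the filename
 */
#define SOLIDUS_UTF				0x2F
#define REVERSE_SOLIDUS_UTF		0x5C

/**
 * PCR indices used for measurements of various functional components
 *
 * NOTE(review): every index below is currently mapped to PCR 16 for
 * debugging. On PC-client TPM 1.2 platforms PCR 16 is the debug register,
 * which software can reset, so measurements and quotes taken with this
 * mapping say nothing reliable about the boot chain. Restore the real
 * indices (kept in the comment below) before relying on attestation results.
 */
/** Commented the real PCR indices out, use just PCR16 for debugging
#define PCR_BIOS						0
#define PCR_PLATFORM_EXT				1
#define PCR_MOTHERBOARD					1
#define PCR_OPTION_ROMS					2
#define PCR_IPL							4

#define PCR_TBOOT_POLICY				17
#define PCR_TBOOT_MLE					18

#define PCR_TGRUB_MBR_STAGE1			4
#define PCR_TGRUB_STAGE2_PART1			8
#define PCR_TGRUB_STAGE2_PART2			9
#define PCR_TGRUB_CMD_LINE_ARGS			12
#define PCR_TGRUB_CHECKFILE				13
#define PCR_TGRUB_LOADED_FILES			14
*/

#define PCR_BIOS						16
#define PCR_PLATFORM_EXT				16
#define PCR_MOTHERBOARD					16
#define PCR_OPTION_ROMS					16
#define PCR_IPL							16

#define PCR_TBOOT_POLICY				16
#define PCR_TBOOT_MLE					16

#define PCR_TGRUB_MBR_STAGE1			16
#define PCR_TGRUB_STAGE2_PART1			16
#define PCR_TGRUB_STAGE2_PART2			16
#define PCR_TGRUB_CMD_LINE_ARGS			16
#define PCR_TGRUB_CHECKFILE				16
#define PCR_TGRUB_LOADED_FILES			16

/**
 * Length of the generated nonce used for calculation of shared secret
 */
#define ASSESSMENT_SECRET_LEN			20

/**
 * Maximum number of PCRs of a TPM, TPM Spec 1.2
 */
#define MAX_NUM_PCR						24

/**
 * Number of bytes that can be saved in a PCR of TPM, TPM Spec 1.2
 */
#define PCR_LEN							20

/**
 * Length of the TPM_QUOTE_INFO structure, TPM Spec 1.2
 */
#define TPM_QUOTE_INFO_LEN				48

/**
 * Bitmask length for PCR Composite structure (one bit per PCR).
 *
 * The expansion is parenthesized so that the division is evaluated as a unit
 * when the macro appears inside a larger expression, e.g. x / PCR_MASK_LEN.
 */
#define PCR_MASK_LEN					(MAX_NUM_PCR/8)

/**
 * Hashing algorithm used by tboot and trustedGRUB
 *
 * SHA-1 matches the 20 byte PCR_LEN above.
 */
#define TRUSTED_HASH_ALGO				PTS_MEAS_ALGO_SHA1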
109
/**
 * A single PCR entry: the PCR number together with its current value
 */
struct pcr_entry_t {
	/** number of the PCR this entry refers to */
	u_int32_t pcr_number;
	/** current value of that PCR, PCR_LEN bytes */
	char pcr_value[PCR_LEN];
};
117
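/**
 * Class implementing the TCG Platform Trust Service (PTS)
 *
 * Every method takes the pts_t object itself as its first argument.
 */
struct pts_t {

	/**
	 * Get PTS Protocol Capabilities
	 *
	 * @return				Protocol capabilities flags
	 */
	pts_proto_caps_flag_t (*get_proto_caps)(pts_t *this);

	/**
	 * Set PTS Protocol Capabilities
	 *
	 * @param flags			Protocol capabilities flags
	 */
	void (*set_proto_caps)(pts_t *this, pts_proto_caps_flag_t flags);

	/**
	 * Get PTS Measurement Algorithm
	 *
	 * @return				PTS measurement algorithm
	 */
	pts_meas_algorithms_t (*get_meas_algorithm)(pts_t *this);

	/**
	 * Set PTS Measurement Algorithm
	 *
	 * @param algorithm		PTS measurement algorithm
	 */
	void (*set_meas_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);

	/**
	 * Get DH Hash Algorithm
	 *
	 * @return				DH hash algorithm
	 */
	pts_meas_algorithms_t (*get_dh_hash_algorithm)(pts_t *this);

	/**
	 * Set DH Hash Algorithm
	 *
	 * @param algorithm		DH hash algorithm
	 */
	void (*set_dh_hash_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);

	/**
	 * Create PTS Diffie-Hellman object and nonce
	 *
	 * @param group			PTS DH group
	 * @param nonce_len		Nonce length (a signed int; whether non-positive
	 *						values are rejected is not visible from this
	 *						header - TODO confirm)
	 * @return				TRUE if creation was successful
	 *
	 */
	bool (*create_dh_nonce)(pts_t *this, pts_dh_group_t group, int nonce_len);

	/**
	 * Get my Diffie-Hellman public value
	 *
	 * @param value			My public DH value
	 * @param nonce			My DH nonce
	 */
	void (*get_my_public_value)(pts_t *this, chunk_t *value, chunk_t *nonce);

	/**
	 * Set peer Diffie-Hellman public value
	 *
	 * @param value			Peer public DH value
	 * @param nonce			Peer DH nonce
	 */
	void (*set_peer_public_value) (pts_t *this, chunk_t value, chunk_t nonce);

	/**
	 * Calculates assessment secret to be used for TPM Quote as ExternalData
	 *
	 * NOTE(review): the previous wording was "TRUE unless both DH public
	 * values and nonces are set", which reads inverted - presumably FALSE is
	 * returned unless both are set. Confirm against the implementation.
	 *
	 * @return				TRUE if the secret was calculated; presumably FALSE
	 *						unless both DH public values and nonces are set
	 */
	bool (*calculate_secret) (pts_t *this);

	/**
	 * Get Platform and OS Info
	 *
	 * @return				Platform and OS info
	 */
	char* (*get_platform_info)(pts_t *this);

	/**
	 * Set Platform and OS Info
	 *
	 * @param info			Platform and OS info
	 */
	void (*set_platform_info)(pts_t *this, char *info);

	/**
	 * Get TPM 1.2 Version Info
	 *
	 * @param info			chunk containing a TPM_CAP_VERSION_INFO struct
	 * @return				TRUE if TPM Version Info available
	 */
	bool (*get_tpm_version_info)(pts_t *this, chunk_t *info);

	/**
	 * Set TPM 1.2 Version Info
	 *
	 * @param info			chunk containing a TPM_CAP_VERSION_INFO struct
	 */
	void (*set_tpm_version_info)(pts_t *this, chunk_t info);

	/**
	 * Get Attestation Identity Certificate or Public Key
	 *
	 * @return				AIK Certificate or Public Key
	 */
	certificate_t* (*get_aik)(pts_t *this);

	/**
	 * Set Attestation Identity Certificate or Public Key
	 *
	 * @param aik			AIK Certificate or Public Key
	 */
	void (*set_aik)(pts_t *this, certificate_t *aik);

	/**
	 * Check whether path is valid file/directory on filesystem
	 *
	 * The return value only tells whether the check itself could be carried
	 * out: TRUE is also returned for a missing or invalid path. Callers
	 * therefore have to evaluate error_code (presumably where the
	 * missing/invalid cases are reported - confirm) and must not treat TRUE
	 * alone as "path is usable".
	 *
	 * @param path			Absolute path
	 * @param error_code	Output variable for PTS error code
	 * @return				TRUE if path is valid or file/directory
	 *						doesn't exist or path is invalid
	 *						FALSE if local error occurred within stat function
	 */
	bool (*is_path_valid)(pts_t *this, char *path, pts_error_code_t *error_code);

	/**
	 * Compute a hash over a file
	 *
	 * No buffer length is passed, so the caller has to provide a hash buffer
	 * large enough for the digest of the given hasher.
	 *
	 * @param hasher		Hasher to be used
	 * @param pathname		Absolute path of a file
	 * @param hash			Buffer to keep hash output
	 * @return				TRUE if path is valid and hashing succeeded
	 */
	bool (*hash_file)(pts_t *this, hasher_t *hasher, char *pathname, u_char *hash);

	/**
	 * Do PTS File Measurements
	 *
	 * @param request_id	ID of PTS File Measurement Request
	 * @param pathname		Absolute pathname of file to be measured
	 * @param is_directory	TRUE if directory contents are measured
	 * @return				PTS File Measurements or NULL if FAILED
	 */
	pts_file_meas_t* (*do_measurements)(pts_t *this, u_int16_t request_id,
										char *pathname, bool is_directory);

	/**
	 * Obtain file metadata
	 *
	 * @param pathname		Absolute pathname of file/directory
	 * @param is_directory	TRUE if directory contents are requested
	 * @return				PTS File Metadata or NULL if FAILED
	 */
	pts_file_meta_t* (*get_metadata)(pts_t *this, char *pathname,
									 bool is_directory);

	/**
	 * Reads given PCR value and returns it
	 * Expects owner secret to be WELL_KNOWN_SECRET
	 *
	 * NOTE(review): the previous text documented "NULL in case of TSS error,
	 * PCR value otherwise", which does not match the bool return type; the
	 * value is handed back through pcr_value. The TRUE/FALSE meaning below is
	 * assumed by analogy with extend_pcr - confirm.
	 *
	 * @param pcr_num		Number of PCR to read
	 * @param pcr_value		Chunk to save pcr read output
	 * @return				presumably FALSE in case of TSS error, TRUE otherwise
	 */
	bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value);

	/**
	 * Extends given PCR with given value
	 * Expects owner secret to be WELL_KNOWN_SECRET
	 *
	 * @param pcr_num		Number of PCR to extend
	 * @param input			Value to extend
	 * @param output		Chunk to save PCR value after extension
	 * @return				FALSE in case of TSS error, TRUE otherwise
	 */
	bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input,
					   chunk_t *output);

	/**
	 * Quote over PCR's
	 * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK
	 *
	 * NOTE(review): no external data argument is taken here, while
	 * calculate_secret() is documented as producing the ExternalData for the
	 * TPM Quote. Presumably the implementation feeds that secret in
	 * internally - confirm, because a quote that is not bound to fresh
	 * external data can be replayed.
	 *
	 * @param pcrs				Array of PCR's to make quotation over
	 * @param num_of_pcrs		Number of elements in pcrs array
	 * @param pcr_composite		Chunk to save pcr composite structure
	 * @param quote_signature	Chunk to save quote operation output
	 *							without external data (anti-replay protection)
	 * @return					FALSE in case of TSS error, TRUE otherwise
	 */
	bool (*quote_tpm)(pts_t *this, u_int32_t *pcrs, u_int32_t num_of_pcrs,
					  chunk_t *pcr_composite, chunk_t *quote_signature);

	/**
	 * Add extended PCR with its corresponding value
	 *
	 * Returns nothing; the previously documented FALSE/TRUE result did not
	 * match the void signature.
	 *
	 * @param entry			PCR entry (PCR number and value) to add; who owns
	 *						the entry afterwards is not visible from this
	 *						header - TODO confirm
	 */
	void (*add_pcr_entry)(pts_t *this, pcr_entry_t *entry);

	/**
	 * Constructs and returns TPM Quote Info structure expected from IMC
	 *
	 * @param composite_algo	Measurement algorithm, presumably the one used
	 *							for the PCR Composite - confirm
	 * @param pcr_composite		Output variable to store PCR Composite
	 * @param quote_info		Output variable to store TPM Quote Info
	 * @return					FALSE in case of any error, TRUE otherwise
	 */
	bool (*get_quote_info)(pts_t *this, pts_meas_algorithms_t composite_algo,
						   chunk_t *pcr_composite, chunk_t *quote_info);

	/**
	 * Verifies the TPM Quote Signature received from the IMC over the
	 * calculated TPM Quote Digest
	 *
	 * The verification key is not passed in; presumably the AIK stored with
	 * set_aik() is used - confirm.
	 *
	 * @param data			Calculated TPM Quote Digest
	 * @param signature		TPM Quote Signature received from IMC
	 * @return				FALSE in case signature is not verified, TRUE otherwise
	 */
	bool (*verify_quote_signature)(pts_t *this, chunk_t data, chunk_t signature);

	/**
	 * Destroys a pts_t object.
	 */
	void (*destroy)(pts_t *this);

};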
352
/**
 * Creates a pts_t object
 *
 * @param is_imc		TRUE if running on an IMC
 * @return				the created pts_t object (whether NULL can be returned
 *						is not visible from this header - TODO confirm)
 */
pts_t *pts_create(bool is_imc);
359
360 #endif /** PTS_H_ @}*/