932bf2f6924eb74d98f0f3e92b74acf2c562c688
[strongswan.git] / src / libpts / pts / pts.h
1 /*
2 * Copyright (C) 2011 Sansar Choinyambuu
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup pts pts
18 * @{ @ingroup pts
19 */
20
21 #ifndef PTS_H_
22 #define PTS_H_
23
24 typedef struct pts_t pts_t;
25 typedef struct pcr_entry_t pcr_entry_t;
26
27 #include "pts_error.h"
28 #include "pts_proto_caps.h"
29 #include "pts_meas_algo.h"
30 #include "pts_file_meas.h"
31 #include "pts_file_meta.h"
32 #include "pts_dh_group.h"
33
34 #include <library.h>
35 #include <utils/linked_list.h>
36
37 /**
38 * UTF-8 encoding of the character used to delimiter the filename
39 */
40 #define SOLIDUS_UTF 0x2F
41 #define REVERSE_SOLIDUS_UTF 0x5C
42
43 /**
44 * Length of the generated nonce used for calculation of shared secret
45 */
46 #define ASSESSMENT_SECRET_LEN 20
47
48 /**
49 * Maximum number of PCR's of TPM, TPM Spec 1.2
50 */
51 #define MAX_NUM_PCR 24
52
53 /**
54 * Number of bytes that can be saved in a PCR of TPM, TPM Spec 1.2
55 */
56 #define PCR_LEN 20
57
58 /**
59 * Lenght of the TPM_QUOTE_INFO structure, TPM Spec 1.2
60 */
61 #define TPM_QUOTE_INFO_LEN 48
62
63 /**
64 * Bitmask Lenght for PCR Composite structure
65 */
66 #define PCR_MASK_LEN MAX_NUM_PCR / 8
67
68 /**
69 * PCR Entry structure which contains PCR number and current value
70 */
71 struct pcr_entry_t {
72 u_int32_t pcr_number;
73 char pcr_value[PCR_LEN];
74 };
75
76 /**
77 * Class implementing the TCG Platform Trust Service (PTS)
78 *
79 */
80 struct pts_t {
81
82 /**
83 * Get PTS Protocol Capabilities
84 *
85 * @return Protocol capabilities flags
86 */
87 pts_proto_caps_flag_t (*get_proto_caps)(pts_t *this);
88
89 /**
90 * Set PTS Protocol Capabilities
91 *
92 * @param flags Protocol capabilities flags
93 */
94 void (*set_proto_caps)(pts_t *this, pts_proto_caps_flag_t flags);
95
96 /**
97 * Get PTS Measurement Algorithm
98 *
99 * @return PTS measurement algorithm
100 */
101 pts_meas_algorithms_t (*get_meas_algorithm)(pts_t *this);
102
103 /**
104 * Set PTS Measurement Algorithm
105 *
106 * @param algorithm PTS measurement algorithm
107 */
108 void (*set_meas_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);
109
110 /**
111 * Get DH Hash Algorithm
112 *
113 * @return DH hash algorithm
114 */
115 pts_meas_algorithms_t (*get_dh_hash_algorithm)(pts_t *this);
116
117 /**
118 * Set DH Hash Algorithm
119 *
120 * @param algorithm DH hash algorithm
121 */
122 void (*set_dh_hash_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);
123
124 /**
125 * Create PTS Diffie-Hellman object and nonce
126 *
127 * @param group PTS DH group
128 * @param nonce_len Nonce length
129 * @return TRUE if creation was successful
130 *
131 */
132 bool (*create_dh_nonce)(pts_t *this, pts_dh_group_t group, int nonce_len);
133
134 /**
135 * Get my Diffie-Hellman public value
136 *
137 * @param value My public DH value
138 * @param nonce My DH nonce
139 */
140 void (*get_my_public_value)(pts_t *this, chunk_t *value, chunk_t *nonce);
141
142 /**
143 * Set peer Diffie.Hellman public value
144 *
145 * @param value Peer public DH value
146 * @param nonce Peer DH nonce
147 */
148 void (*set_peer_public_value) (pts_t *this, chunk_t value, chunk_t nonce);
149
150 /**
151 * Calculates assessment secret to be used for TPM Quote as ExternalData
152 *
153 * @return TRUE unless both DH public values
154 * and nonces are set
155 */
156 bool (*calculate_secret) (pts_t *this);
157
158 /**
159 * Get Platform and OS Info
160 *
161 * @return Platform and OS info
162 */
163 char* (*get_platform_info)(pts_t *this);
164
165 /**
166 * Set Platform and OS Info
167 *
168 * @param info Platform and OS info
169 */
170 void (*set_platform_info)(pts_t *this, char *info);
171
172 /**
173 * Get TPM 1.2 Version Info
174 *
175 * @param info chunk containing a TPM_CAP_VERSION_INFO struct
176 * @return TRUE if TPM Version Info available
177 */
178 bool (*get_tpm_version_info)(pts_t *this, chunk_t *info);
179
180 /**
181 * Set TPM 1.2 Version Info
182 *
183 * @param info chunk containing a TPM_CAP_VERSION_INFO struct
184 */
185 void (*set_tpm_version_info)(pts_t *this, chunk_t info);
186
187 /**
188 * Get Attestation Identity Certificate or Public Key
189 *
190 * @return AIK Certificate or Public Key
191 */
192 certificate_t* (*get_aik)(pts_t *this);
193
194 /**
195 * Set Attestation Identity Certificate or Public Key
196 *
197 * @param aik AIK Certificate or Public Key
198 */
199 void (*set_aik)(pts_t *this, certificate_t *aik);
200
201 /**
202 * Check whether path is valid file/directory on filesystem
203 *
204 * @param path Absolute path
205 * @param error_code Output variable for PTS error code
206 * @return TRUE if path is valid or file/directory
207 * doesn't exist or path is invalid
208 * FALSE if local error occured within stat function
209 */
210 bool (*is_path_valid)(pts_t *this, char *path, pts_error_code_t *error_code);
211
212 /**
213 * Compute a hash over a file
214 * @param hasher Hasher to be used
215 * @param pathname Absolute path of a file
216 * @param hash Buffer to keep hash output
217 * @return TRUE if path is valid and hashing succeeded
218 */
219 bool (*hash_file)(pts_t *this, hasher_t *hasher, char *pathname, u_char *hash);
220
221 /**
222 * Do PTS File Measurements
223 *
224 * @param request_id ID of PTS File Measurement Request
225 * @param pathname Absolute pathname of file to be measured
226 * @param is_directory TRUE if directory contents are measured
227 * @return PTS File Measurements of NULL if FAILED
228 */
229 pts_file_meas_t* (*do_measurements)(pts_t *this, u_int16_t request_id,
230 char *pathname, bool is_directory);
231
232 /**
233 * Obtain file metadata
234 *
235 * @param pathname Absolute pathname of file/directory
236 * @param is_directory TRUE if directory contents are requested
237 * @return PTS File Metadata or NULL if FAILED
238 */
239 pts_file_meta_t* (*get_metadata)(pts_t *this, char *pathname,
240 bool is_directory);
241
242 /**
243 * Reads given PCR value and returns it
244 * Expects owner secret to be WELL_KNOWN_SECRET
245 *
246 * @param pcr_num Number of PCR to read
247 * @param pcr_value Chunk to save pcr read output
248 * @return NULL in case of TSS error, PCR value otherwise
249 */
250 bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value);
251
252 /**
253 * Extends given PCR with given value
254 * Expects owner secret to be WELL_KNOWN_SECRET
255 *
256 * @param pcr_num Number of PCR to extend
257 * @param input Value to extend
258 * @param output Chunk to save PCR value after extension
259 * @return FALSE in case of TSS error, TRUE otherwise
260 */
261 bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input,
262 chunk_t *output);
263
264 /**
265 * Quote over PCR's
266 * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK
267 *
268 * @param pcrs Array of PCR's to make quotation over
269 * @param num_of_pcrs Number of elements in pcrs array
270 * @param pcr_composite Chunk to save pcr composite structure
271 * @param quote_signature Chunk to save quote operation output
272 * without external data (anti-replay protection)
273 * @return FALSE in case of TSS error, TRUE otherwise
274 */
275 bool (*quote_tpm)(pts_t *this, u_int32_t *pcrs, u_int32_t num_of_pcrs,
276 chunk_t *pcr_composite, chunk_t *quote_signature);
277
278 /**
279 * Add extended PCR with its corresponding value
280 *
281 * @return FALSE in case of any error or non-match, TRUE otherwise
282 */
283 void (*add_pcr_entry)(pts_t *this, pcr_entry_t *entry);
284
285 /**
286 * Constructs and returns TPM Quote Info structure expected from IMC
287 *
288 * @param pcr_composite Output variable to store PCR Composite
289 * @param quote_info Output variable to store TPM Quote Info
290 * @return FALSE in case of any error, TRUE otherwise
291 */
292 bool (*get_quote_info)(pts_t *this, chunk_t *pcr_composite,
293 chunk_t *quote_info);
294
295 /**
296 * Constructs and returns PCR Quote Digest structure expected from IMC
297 *
298 * @param data Calculated TPM Quote Digest
299 * @param signature TPM Quote Signature received from IMC
300 * @return FALSE in case signature is not verified, TRUE otherwise
301 */
302 bool (*verify_quote_signature)(pts_t *this, chunk_t data, chunk_t signature);
303
304 /**
305 * Destroys a pts_t object.
306 */
307 void (*destroy)(pts_t *this);
308
309 };
310
311 /**
312 * Creates an pts_t object
313 *
314 * @param is_imc TRUE if running on an IMC
315 */
316 pts_t* pts_create(bool is_imc);
317
318 #endif /** PTS_H_ @}*/