Factored IMC/V Attestation build/process of Component Functional Name
[strongswan.git] / src / libpts / pts / pts.h
1 /*
2 * Copyright (C) 2011 Sansar Choinyambuu
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup pts pts
18 * @{ @ingroup pts
19 */
20
21 #ifndef PTS_H_
22 #define PTS_H_
23
/* Forward declarations of the two types defined in this header. They are
 * placed ahead of the #include lines below, presumably so that the included
 * pts headers can refer to pts_t - confirm against those headers. */
24 typedef struct pts_t pts_t;
25 typedef struct pcr_entry_t pcr_entry_t;
26
27 #include "pts_error.h"
28 #include "pts_proto_caps.h"
29 #include "pts_meas_algo.h"
30 #include "pts_file_meas.h"
31 #include "pts_file_meta.h"
32 #include "pts_dh_group.h"
33 #include "pts_funct_comp_evid_req.h"
34 #include "components/pts_comp_func_name.h"
35 #include "components/tcg/tcg_comp_func_name.h"
36 #include "components/ita/ita_comp_func_name.h"
37 #include "components/ita/ita_comp_tboot.h"
38 #include "components/ita/ita_comp_tgrub.h"
39
40 #include <library.h>
41 #include <utils/linked_list.h>
42
43 /**
44 * UTF-8 encoding of the characters used to delimit the components of a
 * filename: solidus '/' (0x2F) and reverse solidus, i.e. backslash (0x5C)
45 */
46 #define SOLIDUS_UTF 0x2F
47 #define REVERSE_SOLIDUS_UTF 0x5C
48
49 /**
50 * PCR indices used for measurements of various functional components
 *
 * Some indices are shared: PCR_PLATFORM_EXT and PCR_MOTHERBOARD are both 1,
 * and PCR_IPL and PCR_TGRUB_MBR_STAGE1 are both 4. Every index defined here
 * is below MAX_NUM_PCR (24).
51 */
52 #define PCR_BIOS 0
53 #define PCR_PLATFORM_EXT 1
54 #define PCR_MOTHERBOARD 1
55 #define PCR_OPTION_ROMS 2
56 #define PCR_IPL 4
57
58 #define PCR_TBOOT_POLICY 17
59 #define PCR_TBOOT_MLE 18
60
61 #define PCR_TGRUB_MBR_STAGE1 4
62 #define PCR_TGRUB_STAGE2_PART1 8
63 #define PCR_TGRUB_STAGE2_PART2 9
64 #define PCR_TGRUB_CMD_LINE_ARGS 12
65 #define PCR_TGRUB_CHECKFILE 13
66 #define PCR_TGRUB_LOADED_FILES 14
67
68 #define PCR_DEBUG 16
69
70 /**
71 * Number of sequences for functional components
 *
 * The counts equal the number of PCR_TBOOT_* (2) and PCR_TGRUB_* (6)
 * indices defined above; presumably they have to be kept in sync - confirm.
72 */
73 #define TBOOT_SEQUENCE_COUNT 2
74 #define TGRUB_SEQUENCE_COUNT 6
75
76 /**
77 * Length of the generated nonce used for calculation of shared secret
 *
 * NOTE(review): the macro name suggests the length of the assessment secret
 * itself rather than of a nonce. 20 bytes equals PCR_LEN, i.e. one SHA-1
 * digest - confirm which quantity this constant bounds.
78 */
79 #define ASSESSMENT_SECRET_LEN 20
80
81 /**
82 * Maximum number of PCR's of TPM, TPM Spec 1.2
 *
 * Valid PCR indices are therefore 0 .. MAX_NUM_PCR - 1. The members of pts_t
 * that take a pcr_num do not document a range check; confirm that the
 * implementation rejects indices >= MAX_NUM_PCR before using them.
83 */
84 #define MAX_NUM_PCR 24
85
86 /**
87 * Number of bytes that can be saved in a PCR of TPM, TPM Spec 1.2
 * (20 bytes = 160 bits, the size of a SHA-1 digest)
88 */
89 #define PCR_LEN 20
90
91 /**
92 * Length of the TPM_QUOTE_INFO structure, TPM Spec 1.2
 * (4-byte version, 4-byte fixed tag, 20-byte composite digest and
 * 20-byte external data)
93 */
94 #define TPM_QUOTE_INFO_LEN 48
95
96 /**
97 * Hashing algorithm used by tboot and trustedGRUB
 *
 * NOTE(review): SHA-1 matches the 20-byte PCR_LEN above. SHA-1 is no longer
 * collision resistant, so treat this as a TPM 1.2 / boot loader compatibility
 * constant and do not reuse it where the measurement algorithm is negotiable.
98 */
99 #define TRUSTED_HASH_ALGO PTS_MEAS_ALGO_SHA1
100
101 /**
102 * PCR Entry structure which contains PCR number and current value
 *
 * pcr_value holds exactly PCR_LEN raw bytes; there is no room for a
 * terminator, so it must not be handled as a C string.
103 */
104 struct pcr_entry_t {
105 u_int32_t pcr_number; /* PCR index; presumably < MAX_NUM_PCR - confirm where entries are created */
106 char pcr_value[PCR_LEN]; /* raw PCR bytes stored as plain char: cast to unsigned char before comparing or printing single bytes */
107 };
108
109 /**
110 * Class implementing the TCG Platform Trust Service (PTS)
111 *
 * The object is a table of function pointers; every method takes the
 * object itself as first argument.
 *
 * NOTE(review): in this listing ten members are declared twice:
 * create_dh_nonce, get_my_public_value, set_peer_public_value,
 * calculate_secret, read_pcr, extend_pcr, quote_tpm, add_pcr_entry,
 * get_quote_info and verify_quote_signature. quote_tpm and get_quote_info
 * even appear with two different parameter lists. C does not allow two
 * members of one struct to share a name, so one copy of each has to go;
 * which signature the implementation uses is not visible from this header.
112 */
113 struct pts_t {
114
115 /**
116 * Get PTS Protocol Capabilities
117 *
118 * @return Protocol capabilities flags
119 */
120 pts_proto_caps_flag_t (*get_proto_caps)(pts_t *this);
121
122 /**
123 * Set PTS Protocol Capabilities
124 *
125 * @param flags Protocol capabilities flags
126 */
127 void (*set_proto_caps)(pts_t *this, pts_proto_caps_flag_t flags);
128
129 /**
130 * Get PTS Measurement Algorithm
131 *
132 * @return PTS measurement algorithm
133 */
134 pts_meas_algorithms_t (*get_meas_algorithm)(pts_t *this);
135
136 /**
137 * Set PTS Measurement Algorithm
138 *
139 * @param algorithm PTS measurement algorithm
140 */
141 void (*set_meas_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);
142
143 /**
144 * Get DH Hash Algorithm
145 *
146 * @return DH hash algorithm
147 */
148 pts_meas_algorithms_t (*get_dh_hash_algorithm)(pts_t *this);
149
150 /**
151 * Set DH Hash Algorithm
152 *
153 * @param algorithm DH hash algorithm
154 */
155 void (*set_dh_hash_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);
156
157 /**
158 * Create PTS Diffie-Hellman object and nonce
159 *
160 * @param group PTS DH group
161 * @param nonce_len Nonce length (presumably in bytes - confirm)
162 * @return TRUE if creation was successful
163 *
 * NOTE(review): nonce_len is a signed int. Confirm that the implementation
 * rejects zero, negative and too short lengths, since the nonce feeds the
 * assessment secret that protects the TPM Quote against replay.
164 */
165 bool (*create_dh_nonce)(pts_t *this, pts_dh_group_t group, int nonce_len);
166
167 /**
168 * Get my Diffie-Hellman public value
169 *
170 * @param value Output: my public DH value
171 * @param nonce Output: my DH nonce
 *
 * NOTE(review): whether the returned chunks are allocated for the caller
 * or point into the object is not stated here - confirm before freeing.
172 */
173 void (*get_my_public_value)(pts_t *this, chunk_t *value, chunk_t *nonce);
174
175 /**
176 * Set peer Diffie-Hellman public value
177 *
178 * @param value Peer public DH value
179 * @param nonce Peer DH nonce
 *
 * NOTE(review): both arguments originate from the peer. Any validation of
 * the public value or of the nonce length happens in the implementation
 * and is not visible from this header - confirm it exists.
180 */
181 void (*set_peer_public_value) (pts_t *this, chunk_t value, chunk_t nonce);
182
183 /**
184 * Calculates assessment secret to be used for TPM Quote as ExternalData
185 *
186 * @return TRUE unless both DH public values
187 * and nonces are set
 *
 * NOTE(review): the @return wording reads inverted. Presumably FALSE is
 * returned when the DH public values and nonces have not all been set -
 * confirm against the implementation. Callers should not request a quote
 * after a FALSE result, because the secret is the quote's ExternalData.
188 */
189 bool (*calculate_secret) (pts_t *this);
190
191 /**
192 * Set PTS Diffie Hellman Object
193 *
194 * @param dh D-H object
 *
 * NOTE(review): stale comment. It describes a setter taking a dh object,
 * but the declaration below repeats create_dh_nonce(group, nonce_len),
 * which is already declared earlier in this struct.
195 */
196 bool (*create_dh_nonce)(pts_t *this, pts_dh_group_t group, int nonce_len);
197
198 /**
199 * Get my Diffie-Hellman public value
200 *
201 * @param value Output: my public DH value
202 * @param nonce Output: my DH nonce
 *
 * NOTE(review): duplicate of the get_my_public_value member declared
 * earlier in this struct.
203 */
204 void (*get_my_public_value)(pts_t *this, chunk_t *value, chunk_t *nonce);
205
206 /**
207 * Set peer Diffie-Hellman public value
208 *
209 * @param value Peer public DH value
210 * @param nonce Peer DH nonce
 *
 * NOTE(review): duplicate of the set_peer_public_value member declared
 * earlier in this struct.
211 */
212 void (*set_peer_public_value) (pts_t *this, chunk_t value, chunk_t nonce);
213
214 /**
215 * Calculates secret assessment value to be used for TPM Quote as ExternalData
216 *
217 * @return TRUE unless both DH public values
218 * and nonces are set
 *
 * NOTE(review): duplicate of the calculate_secret member declared earlier
 * in this struct; the @return wording reads inverted here as well.
219 */
220 bool (*calculate_secret) (pts_t *this);
221
222 /**
223 * Get Platform and OS Info
224 *
225 * @return Platform and OS info
 *
 * NOTE(review): ownership of the returned string is not stated - confirm
 * whether the caller may free or modify it.
226 */
227 char* (*get_platform_info)(pts_t *this);
228
229 /**
230 * Set Platform and OS Info
231 *
232 * @param info Platform and OS info
233 */
234 void (*set_platform_info)(pts_t *this, char *info);
235
236 /**
237 * Get TPM 1.2 Version Info
238 *
239 * @param info chunk containing a TPM_CAP_VERSION_INFO struct
240 * @return TRUE if TPM Version Info available
241 */
242 bool (*get_tpm_version_info)(pts_t *this, chunk_t *info);
243
244 /**
245 * Set TPM 1.2 Version Info
246 *
247 * @param info chunk containing a TPM_CAP_VERSION_INFO struct
248 */
249 void (*set_tpm_version_info)(pts_t *this, chunk_t info);
250
251 /**
252 * Get Attestation Identity Key (AIK) Certificate or Public Key
253 *
254 * @return AIK Certificate or Public Key
255 */
256 certificate_t* (*get_aik)(pts_t *this);
257
258 /**
259 * Set Attestation Identity Key (AIK) Certificate or Public Key
260 *
261 * @param aik AIK Certificate or Public Key
 *
 * NOTE(review): whether the AIK's trust chain is checked before it is
 * stored is not visible from this header. Presumably this is the key that
 * verify_quote_signature relies on - confirm, and make sure an unverified
 * AIK cannot reach that call.
262 */
263 void (*set_aik)(pts_t *this, certificate_t *aik);
264
265 /**
266 * Check whether path is valid file/directory on filesystem
267 *
268 * @param path Absolute path
269 * @param error_code Output variable for PTS error code
270 * @return TRUE if path is valid or file/directory
271 * doesn't exist or path is invalid
272 * FALSE if local error occurred within stat function
 *
 * NOTE(review): TRUE therefore does not mean that the path exists; the
 * outcome is presumably reported through error_code - confirm, and check
 * error_code before measuring the path.
273 */
274 bool (*is_path_valid)(pts_t *this, char *path, pts_error_code_t *error_code);
275
276 /**
277 * Compute a hash over a file
278 *
279 * @param hasher Hasher to be used
280 * @param pathname Absolute path of a file
281 * @param hash Buffer to keep hash output
282 * @return TRUE if path is valid and hashing succeeded
 *
 * NOTE: no buffer length is passed, so the caller has to provide a hash
 * buffer at least as large as the digest size of the given hasher.
283 */
284 bool (*hash_file)(pts_t *this, hasher_t *hasher, char *pathname, u_char *hash);
285
286 /**
287 * Do PTS File Measurements
288 *
289 * @param request_id ID of PTS File Measurement Request
290 * @param pathname Absolute pathname of file to be measured
291 * @param is_directory TRUE if directory contents are measured
292 * @return PTS File Measurements or NULL if FAILED
 *
 * NOTE(review): pathname presumably originates from a measurement request
 * of the remote peer - confirm which paths a peer is allowed to request.
293 */
294 pts_file_meas_t* (*do_measurements)(pts_t *this, u_int16_t request_id,
295 char *pathname, bool is_directory);
296
297 /**
298 * Obtain file metadata
299 *
300 * @param pathname Absolute pathname of file/directory
301 * @param is_directory TRUE if directory contents are requested
302 * @return PTS File Metadata or NULL if FAILED
303 */
304 pts_file_meta_t* (*get_metadata)(pts_t *this, char *pathname,
305 bool is_directory);
306
307 /**
308 * Reads given PCR value and returns it
309 * Expects owner secret to be WELL_KNOWN_SECRET
310 *
311 * @param pcr_num Number of PCR to read
312 * @param pcr_value Chunk to save pcr read output
313 * @return NULL in case of TSS error, PCR value otherwise
 *
 * NOTE(review): the member is declared to return bool, so the @return
 * line is out of date. Presumably FALSE signals a TSS error and the value
 * is delivered in pcr_value - confirm.
 * NOTE(review): no range for pcr_num is documented; confirm it is checked
 * against MAX_NUM_PCR.
314 */
315 bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value);
316
317 /**
318 * Extends given PCR with given value
319 * Expects owner secret to be WELL_KNOWN_SECRET
320 *
321 * @param pcr_num Number of PCR to extend
322 * @param input Value to extend
323 * @param output Chunk to save PCR value after extension
324 * @return FALSE in case of TSS error, TRUE otherwise
 *
 * NOTE(review): the expected length of input is not stated (presumably
 * PCR_LEN bytes) and no range for pcr_num is documented - confirm both
 * are checked.
325 */
326 bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input,
327 chunk_t *output);
328
329 /**
330 * Quote over PCR's
331 * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK
332 *
333 * @param use_quote2 Version of the Quote function to be used
334 * @param pcrs Array of PCR's to make quotation over
335 * @param num_of_pcrs Number of elements in pcrs array
336 * @param pcr_composite Chunk to save pcr composite structure
337 * @param quote_signature Chunk to save quote operation output
338 * without external data (anti-replay protection)
339 * @return FALSE in case of TSS error, TRUE otherwise
 *
 * NOTE(review): a well-known owner and SRK secret and an AIK without
 * password mean that these authorizations give no protection on the
 * platform. This is a deployment prerequisite operators should be told
 * about explicitly.
 * NOTE(review): confirm that num_of_pcrs and every element of pcrs are
 * checked against MAX_NUM_PCR.
340 */
341 bool (*quote_tpm)(pts_t *this, bool use_quote2,
342 u_int32_t *pcrs, u_int32_t num_of_pcrs,
343 chunk_t *pcr_composite, chunk_t *quote_signature);
344
345 /**
346 * Add extended PCR with its corresponding value
347 *
 * @param entry PCR entry to add
348 * @return FALSE in case of any error or non-match, TRUE otherwise
 *
 * NOTE(review): the member is declared void, so the @return line above
 * does not apply. Ownership of entry after the call is not stated.
349 */
350 void (*add_pcr_entry)(pts_t *this, pcr_entry_t *entry);
351
352 /**
353 * Constructs and returns TPM Quote Info structure expected from IMC
354 *
355 * @param use_quote2 Version of the TPM_QUOTE_INFO to be constructed
356 * @param ver_info_included Version info is concatenated to TPM_QUOTE_INFO2
 * @param composite_algo presumably the hash algorithm used for the PCR
 * composite - confirm
357 * @param pcr_composite Output variable to store PCR Composite
358 * @param quote_info Output variable to store TPM Quote Info
359 * @return FALSE in case of any error, TRUE otherwise
360 */
361 bool (*get_quote_info)(pts_t *this, bool use_quote2, bool ver_info_included,
362 pts_meas_algorithms_t composite_algo,
363 chunk_t *pcr_composite, chunk_t *quote_info);
364
365 /**
366 * Verifies the TPM Quote Signature received from IMC
 *
 * NOTE(review): the original summary line was the one of get_quote_info.
 * The key used is not named here, presumably the AIK stored with set_aik -
 * confirm. A FALSE result has to be treated as a failed attestation.
367 *
368 * @param data Calculated TPM Quote Digest
369 * @param signature TPM Quote Signature received from IMC
370 * @return FALSE in case signature is not verified, TRUE otherwise
371 */
372 bool (*verify_quote_signature)(pts_t *this, chunk_t data, chunk_t signature);
373
374 /**
375 * Reads given PCR value and returns it
376 * Expects owner secret to be WELL_KNOWN_SECRET
377 *
378 * @param pcr_num Number of PCR to read
379 * @param pcr_value Chunk to save pcr read output
380 * @return NULL in case of TSS error, PCR value otherwise
 *
 * NOTE(review): duplicate of the read_pcr member declared earlier in this
 * struct; the @return line does not match the bool return type.
381 */
382 bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value);
383
384 /**
385 * Extends given PCR with given value
386 * Expects owner secret to be WELL_KNOWN_SECRET
387 *
388 * @param pcr_num Number of PCR to extend
389 * @param input Value to extend
390 * @param output Chunk to save PCR value after extension
391 * @return FALSE in case of TSS error, TRUE otherwise
 *
 * NOTE(review): duplicate of the extend_pcr member declared earlier in
 * this struct.
392 */
393 bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input,
394 chunk_t *output);
395
396 /**
397 * Quote over PCR's
398 * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK
399 *
400 * @param pcrs Array of PCR's to make quotation over
401 * @param num_of_pcrs Number of elements in pcrs array
402 * @param pcr_composite Chunk to save pcr composite structure
403 * @param quote_signature Chunk to save quote operation output
404 * without external data (anti-replay protection)
405 * @return FALSE in case of TSS error, TRUE otherwise
 *
 * NOTE(review): second declaration of quote_tpm in this struct, here
 * without the use_quote2 parameter of the earlier one. The two signatures
 * conflict and only one can stay.
406 */
407 bool (*quote_tpm)(pts_t *this, u_int32_t *pcrs, u_int32_t num_of_pcrs,
408 chunk_t *pcr_composite, chunk_t *quote_signature);
409
410 /**
411 * Add extended PCR with its corresponding value
412 *
413 * @return FALSE in case of any error or non-match, TRUE otherwise
 *
 * NOTE(review): duplicate of the add_pcr_entry member declared earlier in
 * this struct; the member is void, so the @return line does not apply.
414 */
415 void (*add_pcr_entry)(pts_t *this, pcr_entry_t *entry);
416
417 /**
418 * Constructs and returns TPM Quote Info structure expected from IMC
419 *
420 * @param pcr_composite Output variable to store PCR Composite
421 * @param quote_info Output variable to store TPM Quote Info
422 * @return FALSE in case of any error, TRUE otherwise
 *
 * NOTE(review): second declaration of get_quote_info in this struct, here
 * without the use_quote2, ver_info_included and composite_algo parameters
 * of the earlier one. The two signatures conflict and only one can stay.
423 */
424 bool (*get_quote_info)(pts_t *this, chunk_t *pcr_composite,
425 chunk_t *quote_info);
426
427 /**
428 * Verifies the TPM Quote Signature received from IMC
 *
 * NOTE(review): duplicate of the verify_quote_signature member declared
 * earlier in this struct; the original summary line was the one of
 * get_quote_info.
429 *
430 * @param data Calculated TPM Quote Digest
431 * @param signature TPM Quote Signature received from IMC
432 * @return FALSE in case signature is not verified, TRUE otherwise
433 */
434 bool (*verify_quote_signature)(pts_t *this, chunk_t data, chunk_t signature);
435
436 /**
437 * Destroys a pts_t object.
438 */
439 void (*destroy)(pts_t *this);
440
441 };
442
443 /**
444 * Creates a pts_t object
445 *
446 * @param is_imc TRUE if running on an IMC
 * @return the new pts_t object; release it with its destroy() method
 *
 * NOTE(review): what is returned when creation fails is not documented
 * here - confirm whether callers have to check for NULL.
447 */
448 pts_t* pts_create(bool is_imc);
449
450 #endif /** PTS_H_ @}*/
451