1 /*
2 * Copyright (C) 2011 Sansar Choinyambuu
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup pts pts
18 * @{ @ingroup pts
19 */
20
21 #ifndef PTS_H_
22 #define PTS_H_
23
24 typedef struct pts_t pts_t;
25 typedef struct pcr_entry_t pcr_entry_t;
26
27 #include "pts_error.h"
28 #include "pts_proto_caps.h"
29 #include "pts_meas_algo.h"
30 #include "pts_file_meas.h"
31 #include "pts_file_meta.h"
32 #include "pts_dh_group.h"
33
34 #include <library.h>
35 #include <utils/linked_list.h>
36
37 /**
38 * UTF-8 encodings of the characters used to delimit the filename: 0x2F is the solidus '/', 0x5C the reverse solidus (backslash)
39 */
40 #define SOLIDUS_UTF 0x2F
41 #define REVERSE_SOLIDUS_UTF 0x5C
42
43 /**
44 * PCR indices used for measurements of various functional components (some names below share one index)
45 */
46 #define PCR_BIOS 0
47 #define PCR_PLATFORM_EXT 1
48 #define PCR_MOTHERBOARD 1 /* same index as PCR_PLATFORM_EXT */
49 #define PCR_OPTION_ROMS 2
50 #define PCR_IPL 4
51
52 #define PCR_TBOOT_POLICY 17
53 #define PCR_TBOOT_MLE 18
54
55 #define PCR_TGRUB_MBR_STAGE1 4 /* same index as PCR_IPL */
56 #define PCR_TGRUB_STAGE2_PART1 8
57 #define PCR_TGRUB_STAGE2_PART2 9
58 #define PCR_TGRUB_CMD_LINE_ARGS 12
59 #define PCR_TGRUB_CHECKFILE 13
60 #define PCR_TGRUB_LOADED_FILES 14
61
62
63 /**
64 * Length of the generated nonce used for calculation of shared secret (presumably in bytes; confirm)
65 */
66 #define ASSESSMENT_SECRET_LEN 20
67
68 /**
69 * Maximum number of PCRs of a TPM, TPM Spec 1.2
70 */
71 #define MAX_NUM_PCR 24
72
73 /**
74 * Number of bytes that can be saved in a PCR of a TPM, TPM Spec 1.2
75 */
76 #define PCR_LEN 20
77
78 /**
79 * Length of the TPM_QUOTE_INFO structure, TPM Spec 1.2
80 */
81 #define TPM_QUOTE_INFO_LEN 48
82
83 /**
84 * Hashing algorithm used by tboot and trustedGRUB; fixed to SHA-1, whose 20-byte digest matches PCR_LEN
85 */
86 #define TRUSTED_HASH_ALGO PTS_MEAS_ALGO_SHA1
87
88 /**
89 * PCR Entry structure which contains a PCR number and its current value
90 */
91 struct pcr_entry_t {
92 u_int32_t pcr_number; /* PCR index; presumably below MAX_NUM_PCR (confirm where it is checked) */
93 char pcr_value[PCR_LEN]; /* PCR_LEN bytes of PCR content; presumably raw binary, not a NUL-terminated string */
94 };
95
96 /**
97 * Class implementing the TCG Platform Trust Service (PTS)
98 * NOTE(review): get_my_public_value, set_peer_public_value, calculate_secret, read_pcr, extend_pcr and quote_tpm are each declared twice below; C does not allow duplicate member names, so confirm which variant is current
99 */
100 struct pts_t {
101
102 /**
103 * Get PTS Protocol Capabilities
104 *
105 * @return Protocol capabilities flags
106 */
107 pts_proto_caps_flag_t (*get_proto_caps)(pts_t *this);
108
109 /**
110 * Set PTS Protocol Capabilities
111 *
112 * @param flags Protocol capabilities flags
113 */
114 void (*set_proto_caps)(pts_t *this, pts_proto_caps_flag_t flags);
115
116 /**
117 * Get PTS Measurement Algorithm
118 *
119 * @return PTS measurement algorithm
120 */
121 pts_meas_algorithms_t (*get_meas_algorithm)(pts_t *this);
122
123 /**
124 * Set PTS Measurement Algorithm
125 *
126 * @param algorithm PTS measurement algorithm
127 */
128 void (*set_meas_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);
129
130 /**
131 * Get DH Hash Algorithm
132 *
133 * @return DH hash algorithm
134 */
135 pts_meas_algorithms_t (*get_dh_hash_algorithm)(pts_t *this);
136
137 /**
138 * Set DH Hash Algorithm
139 *
140 * @param algorithm DH hash algorithm
141 */
142 void (*set_dh_hash_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);
143
144 /**
145 * Create PTS Diffie-Hellman object and nonce
146 * NOTE(review): nonce_len is a signed int and no valid range is stated here; confirm where a negotiated length is bounds-checked
147 * @param group PTS DH group
148 * @param nonce_len Nonce length
149 * @return TRUE if creation was successful
150 *
151 */
152 bool (*create_dh_nonce)(pts_t *this, pts_dh_group_t group, int nonce_len);
153
154 /**
155 * Get my Diffie-Hellman public value
156 *
157 * @param value Output variable for my public DH value
158 * @param nonce Output variable for my DH nonce
159 */
160 void (*get_my_public_value)(pts_t *this, chunk_t *value, chunk_t *nonce);
161
162 /**
163 * Set peer Diffie-Hellman public value
164 *
165 * @param value Peer public DH value
166 * @param nonce Peer DH nonce
167 */
168 void (*set_peer_public_value) (pts_t *this, chunk_t value, chunk_t nonce);
169
170 /**
171 * Calculates assessment secret to be used for TPM Quote as ExternalData
172 * NOTE(review): the @return wording reads inverted; presumably TRUE only if both DH public values and nonces are set (confirm)
173 * @return TRUE unless both DH public values
174 * and nonces are set
175 */
176 bool (*calculate_secret) (pts_t *this);
177
178 /**
179 * Create PTS Diffie-Hellman object
180 * @param group PTS DH group
181 * @return presumably TRUE if creation was successful (confirm)
182 */
183 bool (*create_dh)(pts_t *this, pts_dh_group_t group);
184
185 /**
186 * Get my Diffie-Hellman public value
187 * NOTE(review): duplicate member name; a (value, nonce) form is declared earlier in this struct
188 * @param value Output variable for my public DH value
189 */
190 void (*get_my_public_value)(pts_t *this, chunk_t *value);
191
192 /**
193 * Set peer Diffie-Hellman public value
194 * NOTE(review): duplicate member name; a (value, nonce) form is declared earlier in this struct
195 * @param value Peer public DH value
196 */
197 void (*set_peer_public_value) (pts_t *this, chunk_t value);
198
199 /**
200 * Calculates secret assessment value to be used for TPM Quote as external data
201 * NOTE(review): duplicate member name (a no-argument form is declared earlier); the @return wording also reads inverted (confirm)
202 * @param initiator_nonce Initiator nonce (IMV nonce)
203 * @param responder_nonce Responder nonce (IMC nonce)
204 * @param algorithm Hashing algorithm
205 * @return TRUE unless both DH public values
206 * and nonces are set
207 */
208 bool (*calculate_secret) (pts_t *this, chunk_t initiator_nonce,
209 chunk_t responder_nonce,
210 pts_meas_algorithms_t algorithm);
211
212 /**
213 * Returns secret assessment value to be used for TPM Quote as external data
214 * NOTE(review): the header does not say whether the chunk is a copy or points at internal state; confirm before freeing or wiping it
215 * @return Secret assessment value
216 */
217 chunk_t (*get_secret) (pts_t *this);
218
219 /**
220 * Get Platform and OS Info
221 *
222 * @return Platform and OS info
223 */
224 char* (*get_platform_info)(pts_t *this);
225
226 /**
227 * Set Platform and OS Info
228 *
229 * @param info Platform and OS info
230 */
231 void (*set_platform_info)(pts_t *this, char *info);
232
233 /**
234 * Get TPM 1.2 Version Info
235 *
236 * @param info chunk containing a TPM_CAP_VERSION_INFO struct
237 * @return TRUE if TPM Version Info available
238 */
239 bool (*get_tpm_version_info)(pts_t *this, chunk_t *info);
240
241 /**
242 * Set TPM 1.2 Version Info
243 *
244 * @param info chunk containing a TPM_CAP_VERSION_INFO struct
245 */
246 void (*set_tpm_version_info)(pts_t *this, chunk_t info);
247
248 /**
249 * Get Attestation Identity Certificate or Public Key
250 *
251 * @return AIK Certificate or Public Key
252 */
253 certificate_t* (*get_aik)(pts_t *this);
254
255 /**
256 * Set Attestation Identity Certificate or Public Key
257 *
258 * @param aik AIK Certificate or Public Key
259 */
260 void (*set_aik)(pts_t *this, certificate_t *aik);
261
262 /**
263 * Check whether path is valid file/directory on filesystem
264 * NOTE(review): per the @return text TRUE is also returned for a missing or invalid path, so presumably callers must inspect error_code as well (confirm)
265 * @param path Absolute path
266 * @param error_code Output variable for PTS error code
267 * @return TRUE if path is valid or file/directory
268 * doesn't exist or path is invalid
269 * FALSE if local error occurred within stat function
270 */
271 bool (*is_path_valid)(pts_t *this, char *path, pts_error_code_t *error_code);
272
273 /**
274 * Compute a hash over a file
275 *
276 * @param hasher Hasher to be used
277 * @param pathname Absolute path of a file
278 * @param hash Buffer to keep hash output; no length is passed, so presumably it must hold the hasher's full digest (confirm)
279 * @return TRUE if path is valid and hashing succeeded
280 */
281 bool (*hash_file)(pts_t *this, hasher_t *hasher, char *pathname, u_char *hash);
282
283 /**
284 * Do PTS File Measurements
285 * NOTE(review): if pathname comes from a peer's measurement request, presumably it is checked with is_path_valid first (confirm)
286 * @param request_id ID of PTS File Measurement Request
287 * @param pathname Absolute pathname of file to be measured
288 * @param is_directory TRUE if directory contents are measured
289 * @return PTS File Measurements or NULL if FAILED
290 */
291 pts_file_meas_t* (*do_measurements)(pts_t *this, u_int16_t request_id,
292 char *pathname, bool is_directory);
293
294 /**
295 * Obtain file metadata
296 *
297 * @param pathname Absolute pathname of file/directory
298 * @param is_directory TRUE if directory contents are requested
299 * @return PTS File Metadata or NULL if FAILED
300 */
301 pts_file_meta_t* (*get_metadata)(pts_t *this, char *pathname,
302 bool is_directory);
303
304 /**
305 * Reads given PCR value and returns it
306 * Expects owner secret to be WELL_KNOWN_SECRET
307 *
308 * @param pcr_num Number of PCR to read (presumably below MAX_NUM_PCR; confirm where it is range-checked)
309 * @param pcr_value Chunk to save pcr read output
310 * @return declared bool; presumably FALSE in case of TSS error, TRUE otherwise, with the value stored in pcr_value (confirm)
311 */
312 bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value);
313
314 /**
315 * Extends given PCR with given value
316 * Expects owner secret to be WELL_KNOWN_SECRET
317 *
318 * @param pcr_num Number of PCR to extend
319 * @param input Value to extend
320 * @param output Chunk to save PCR value after extension
321 * @return FALSE in case of TSS error, TRUE otherwise
322 */
323 bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input,
324 chunk_t *output);
325
326 /**
327 * Quote over PCRs
328 * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK
329 * NOTE(review): no external-data or nonce parameter appears here; presumably the assessment secret from calculate_secret is supplied internally, since a quote without fresh external data can be replayed (confirm)
330 * @param pcrs Array of PCRs to make quotation over
331 * @param num_of_pcrs Number of elements in pcrs array
332 * @param pcr_composite Chunk to save pcr composite structure
333 * @param quote_signature Chunk to save quote operation output
334 * without external data (anti-replay protection)
335 * @return FALSE in case of TSS error, TRUE otherwise
336 */
337 bool (*quote_tpm)(pts_t *this, u_int32_t *pcrs, u_int32_t num_of_pcrs,
338 chunk_t *pcr_composite, chunk_t *quote_signature);
339
340 /**
341 * Add extended PCR with its corresponding value
342 * Declared void: no status is returned to the caller
343 * @param entry PCR entry (PCR number and value) to add
344 */
345 void (*add_pcr_entry)(pts_t *this, pcr_entry_t *entry);
346
347 /**
348 * Constructs and returns TPM Quote Info structure expected from IMC
349 * @param composite_algo Hashing algorithm, presumably for the PCR composite (confirm)
350 * @param pcr_composite Output variable to store PCR Composite
351 * @param quote_info Output variable to store TPM Quote Info
352 * @return FALSE in case of any error, TRUE otherwise
353 */
354 bool (*get_quote_info)(pts_t *this, pts_meas_algorithms_t composite_algo,
355 chunk_t *pcr_composite, chunk_t *quote_info);
356
357 /**
358 * Verifies the TPM Quote signature received from the IMC over the given data
359 * NOTE(review): presumably checked against the AIK set via set_aik (confirm)
360 * @param data Calculated TPM Quote Digest
361 * @param signature TPM Quote Signature received from IMC
362 * @return FALSE in case signature is not verified, TRUE otherwise
363 */
364 bool (*verify_quote_signature)(pts_t *this, chunk_t data, chunk_t signature);
365
366 /**
367 * Reads given PCR value and returns it
368 * Expects owner secret to be WELL_KNOWN_SECRET
369 * NOTE(review): duplicate member name; read_pcr is declared earlier in this struct with the same signature
370 * @param pcr_num Number of PCR to read
371 * @param pcr_value Chunk to save pcr read output
372 * @return declared bool; presumably FALSE in case of TSS error, TRUE otherwise, with the value stored in pcr_value (confirm)
373 */
374 bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value);
375
376 /**
377 * Extends given PCR with given value
378 * Expects owner secret to be WELL_KNOWN_SECRET
379 * NOTE(review): duplicate member name; extend_pcr is declared earlier in this struct with the same signature
380 * @param pcr_num Number of PCR to extend
381 * @param input Value to extend
382 * @param output Chunk to save PCR value after extension
383 * @return FALSE in case of TSS error, TRUE otherwise
384 */
385 bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input, chunk_t *output);
386
387 /**
388 * Quote over PCRs
389 * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK
390 * NOTE(review): duplicate member name; an array-based quote_tpm is declared earlier in this struct. No external-data or nonce parameter appears here either (confirm how the quote is bound to the session)
391 * @param pcrs List of PCRs to make quotation over
392 * @param pcr_composite Chunk to save pcr composite structure
393 * @param quote_signature Chunk to save quote operation output
394 * without external data (anti-replay protection)
395 * @return FALSE in case of TSS error, TRUE otherwise
396 */
397 bool (*quote_tpm)(pts_t *this, linked_list_t *pcrs,
398 chunk_t *pcr_composite, chunk_t *quote_signature);
399
400 /**
401 * Destroys a pts_t object.
402 */
403 void (*destroy)(pts_t *this);
404
405 };
406
407 /**
408 * Creates a pts_t object
409 * @param is_imc TRUE if running on an IMC
410 * @return pts_t object, presumably released via its destroy() method (confirm)
411 */
412 pts_t* pts_create(bool is_imc);
413
414 #endif /** PTS_H_ @}*/
415