Improved implementation of Read PCR/ Extend PCR/ Quote_TPM functions
[strongswan.git] / src / libpts / pts / pts.h
1 /*
2 * Copyright (C) 2011 Sansar Choinyambuu
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup pts pts
18 * @{ @ingroup pts
19 */
20
21 #ifndef PTS_H_
22 #define PTS_H_
23
24 typedef struct pts_t pts_t;
25
26 #include "pts_error.h"
27 #include "pts_proto_caps.h"
28 #include "pts_meas_algo.h"
29 #include "pts_file_meas.h"
30 #include "pts_file_meta.h"
31 #include "pts_dh_group.h"
32
33 #include <library.h>
34 #include <utils/linked_list.h>
35
36 /**
37 * UTF-8 encoding of the character used to delimiter the filename
38 */
39 #define SOLIDUS_UTF 0x2F
40 #define REVERSE_SOLIDUS_UTF 0x5C
41
42 /**
43 * Lenght of the generated nonce used for calculation of shared secret
44 */
45 #define NONCE_LEN 20
46
47 /**
48 * Lenght of the generated nonce used for calculation of shared secret
49 */
50 #define ASSESSMENT_SECRET_LEN 20
51
52 /**
53 * Maximum number of PCR's of TPM, TPM Spec 1.2
54 */
55 #define MAX_NUM_PCR 24
56
57 /**
58 * Number of bytes can be savedin a PCR of TPM, TPM Spec 1.2
59 */
60 #define PCR_LEN 20
61
62 /**
63 * Class implementing the TCG Platform Trust System (PTS)
64 *
65 */
66 struct pts_t {
67
68 /**
69 * Get PTS Protocol Capabilities
70 *
71 * @return protocol capabilities flags
72 */
73 pts_proto_caps_flag_t (*get_proto_caps)(pts_t *this);
74
75 /**
76 * Set PTS Protocol Capabilities
77 *
78 * @param flags protocol capabilities flags
79 */
80 void (*set_proto_caps)(pts_t *this, pts_proto_caps_flag_t flags);
81
82 /**
83 * Get PTS Measurement Algorithm
84 *
85 * @return measurement algorithm
86 */
87 pts_meas_algorithms_t (*get_meas_algorithm)(pts_t *this);
88
89 /**
90 * Set PTS Measurement Algorithm
91 *
92 * @param algorithm measurement algorithm
93 */
94 void (*set_meas_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);
95
96 /**
97 * Get PTS Diffie Hellman Group
98 *
99 * @return DH Group
100 */
101 pts_dh_group_t (*get_dh_group)(pts_t *this);
102
103 /**
104 * Set PTS Diffie Hellman Group
105 *
106 * @param dh_group DH Group
107 */
108 void (*set_dh_group)(pts_t *this, pts_dh_group_t dh_group);
109
110 /**
111 * Set PTS Diffie Hellman Object
112 *
113 * @param dh D-H object
114 */
115 bool (*create_dh)(pts_t *this, pts_dh_group_t group);
116
117 /**
118 * Gets Own Diffie Hellman Public Value
119 *
120 * @param info chunk to keep own public value
121 */
122 void (*get_my_pub_val)(pts_t *this, chunk_t *pub_value);
123
124 /**
125 * Sets the public value of partner.
126 *
127 * @param value public value of partner
128 */
129 void (*set_other_pub_val) (pts_t *this, chunk_t value);
130
131 /**
132 * Calculates secret assessment value to be used for TPM Quote as an external data
133 *
134 * @param initiator_nonce Initiator nonce (IMV nonce)
135 * @param responder_nonce Responder nonce (IMC nonce)
136 * @param algorithm Hashing algorithm
137 * @return TRUE, FALSE if not both DH public values and
138 * nonces are set
139 */
140 bool (*calculate_secret) (pts_t *this, chunk_t initiator_nonce,
141 chunk_t responder_nonce, pts_meas_algorithms_t algorithm);
142
143 /**
144 * Returns secret assessment value to be used for TPM Quote as an external data
145 *
146 * @return Secret assessment value
147 */
148 chunk_t (*get_secret) (pts_t *this);
149
150 /**
151 * Get Platform and OS Info
152 *
153 * @return platform and OS info
154 */
155 char* (*get_platform_info)(pts_t *this);
156
157 /**
158 * Set Platform and OS Info
159 *
160 * @param info platform and OS info
161 */
162 void (*set_platform_info)(pts_t *this, char *info);
163
164 /**
165 * Get TPM 1.2 Version Info
166 *
167 * @param info chunk containing a TPM_CAP_VERSION_INFO struct
168 * @return TRUE if TPM Version Info available
169 */
170 bool (*get_tpm_version_info)(pts_t *this, chunk_t *info);
171
172 /**
173 * Set TPM 1.2 Version Info
174 *
175 * @param info chunk containing a TPM_CAP_VERSION_INFO struct
176 */
177 void (*set_tpm_version_info)(pts_t *this, chunk_t info);
178
179 /**
180 * Get Attestation Identity Certificate or Public Key
181 *
182 * @return AIK Certificate or Public Key
183 */
184 certificate_t* (*get_aik)(pts_t *this);
185
186 /**
187 * Set Attestation Identity Certificate or Public Key
188 *
189 * @param aik AIK Certificate or Public Key
190 */
191 void (*set_aik)(pts_t *this, certificate_t *aik);
192
193 /**
194 * Check whether path is valid file/directory on filesystem
195 *
196 * @param path Absolute path
197 * @param error_code Output variable for PTS error code
198 * @return TRUE if path is valid or file/directory doesn't exist
199 * or path is invalid
200 * FALSE if local error occurred within stat function
201 */
202 bool (*is_path_valid)(pts_t *this, char *path, pts_error_code_t *error_code);
203
204 /**
205 * Compute a hash over a file
206 * @param hasher Hasher to be used
207 * @param pathname Absolute path of a file
208 * @param hash Buffer to keep hash output
209 * @return TRUE if path is valid and hashing succeeded, FALSE otherwise
210 */
211 bool (*hash_file)(pts_t *this, hasher_t *hasher, char *pathname, u_char *hash);
212
213 /**
214 * Do PTS File Measurements
215 *
216 * @param request_id ID of PTS File Measurement Request
217 * @param pathname Absolute pathname of file to be measured
218 * @param is_directory if TRUE directory contents are measured
219 * @return PTS File Measurements of NULL if FAILED
220 */
221 pts_file_meas_t* (*do_measurements)(pts_t *this, u_int16_t request_id,
222 char *pathname, bool is_directory);
223
224 /**
225 * Obtain file metadata
226 *
227 * @param pathname Absolute pathname of file/directory
228 * @param is_directory if TRUE directory contents are requested
229 * @return PTS File Metadata or NULL if FAILED
230 */
231 pts_file_meta_t* (*get_metadata)(pts_t *this, char *pathname, bool is_directory);
232
233 /**
234 * Reads given PCR value and returns it
235 * Expects owner secret to be WELL_KNOWN_SECRET
236 *
237 * @param pcr_num Number of PCR to read
238 * @param pcr_value Chunk to save pcr read output
239 * @return NULL in case of TSS error, PCR value otherwise
240 */
241 bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value);
242
243 /**
244 * Extends given PCR with given value
245 * Expects owner secret to be WELL_KNOWN_SECRET
246 *
247 * @param pcr_num Number of PCR to extend
248 * @param input Value to extend
249 * @param output Chunk to save PCR value after extension
250 * @return FALSE in case of TSS error, TRUE otherwise
251 */
252 bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input, chunk_t *output);
253
254 /**
255 * Quote over PCR's
256 * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK
257 *
258 * @param pcrs List of PCR's to make quotation over
259 * @param pcr_composite Chunk to save pcr composite structure
260 * @param quote_signature Chunk to save quote operation output
261 * without external data (anti-replay protection)
262 * @return FALSE in case of TSS error, TRUE otherwise
263 */
264 bool (*quote_tpm)(pts_t *this, linked_list_t *pcrs,
265 chunk_t *pcr_composite, chunk_t *quote_signature);
266
267 /**
268 * Destroys a pts_t object.
269 */
270 void (*destroy)(pts_t *this);
271
272 };
273
274 /**
275 * Creates an pts_t object
276 *
277 * @param is_imc TRUE if running on an IMC
278 */
279 pts_t* pts_create(bool is_imc);
280
281 #endif /** PTS_H_ @}*/