libimcv: Moved REST API from imv_swid and imv_swima to libimcv
[strongswan.git] / src / libtpmtss / tpm_tss.h
index 82cb4c6..f408d04 100644 (file)
  */
 
 /**
- * @defgroup tpm_tss tpm_tss
- * @{ @ingroup libtpmtss
+ * @defgroup libtpmtss libtpmtss
+ *
+ * @addtogroup libtpmtss
+ * @{
  */
 
 #ifndef TPM_TSS_H_
 #define TPM_TSS_H_
 
+#include "tpm_tss_quote_info.h"
+
 #include <library.h>
+#include <crypto/hashers/hasher.h>
 
 typedef enum tpm_version_t tpm_version_t;
-typedef enum tpm_quote_mode_t tpm_quote_mode_t;
 typedef struct tpm_tss_t tpm_tss_t;
 
 /**
@@ -37,15 +41,6 @@ enum tpm_version_t {
 };
 
 /**
- * TPM Quote Modes
- */
-enum tpm_quote_mode_t {
-       TPM_QUOTE,
-       TPM_QUOTE2,
-       TPM_QUOTE2_VERSION_INFO
-};
-
-/**
  * TPM access via TSS public interface
  */
 struct tpm_tss_t {
@@ -114,14 +109,39 @@ struct tpm_tss_t {
         * @param pcr_sel               selection of PCR registers
         * @param alg                   hash algorithm to be used for quote signature
         * @param data                  additional data to be hashed into the quote
-        * @param mode                  define current and legacy TPM quote modes
-        * @param pcr_comp              returns hash of PCR composite
-        * @param sig                   returns quote signature
+        * @param quote_mode    define current and legacy TPM quote modes
+        * @param quote_info    returns various info covered by quote signature
+        * @param quote_sig             returns quote signature
         * @return                              TRUE if quote signature succeeded
         */
        bool (*quote)(tpm_tss_t *this, uint32_t aik_handle, uint32_t pcr_sel,
-                                 hash_algorithm_t alg, chunk_t data, tpm_quote_mode_t mode,
-                                 chunk_t *pcr_comp, chunk_t *quote_sig);
+                                 hash_algorithm_t alg, chunk_t data,
+                                 tpm_quote_mode_t *quote_mode,
+                                 tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig);
+
+       /**
+        * Do a signature over a data hash using a TPM key handle (TPM 2.0 only)
+        *
+        * @param handle                object handle of TPM key to be used for signature
+        * @param hierarchy             hierarchy the TPM key object is attached to
+        * @param scheme                scheme to be used for signature
+        * @param data                  data to be hashed and signed
+        * @param pin                   PIN code or empty chunk
+        * @param signature             returns signature
+        * @return                              TRUE if signature succeeded
+        */
+       bool (*sign)(tpm_tss_t *this, uint32_t hierarchy, uint32_t handle,
+                                signature_scheme_t scheme, chunk_t data, chunk_t pin,
+                                chunk_t *signature);
+
+       /**
+        * Get random bytes from the TPM
+        *
+        * @param bytes                 number of random bytes requested
+        * @param buffer                buffer where the random bytes are written into
+        * @return                              TRUE if random bytes could be delivered
+        */
+       bool (*get_random)(tpm_tss_t *this, size_t bytes, uint8_t *buffer);
 
        /**
         * Destroy a tpm_tss_t.
@@ -136,4 +156,9 @@ struct tpm_tss_t {
  */
 tpm_tss_t *tpm_tss_probe(tpm_version_t version);
 
+/**
+ * Dummy libtpmtss initialization function needed for integrity test
+ */
+void libtpmtss_init(void);
+
 #endif /** TPM_TSS_H_ @}*/