libimcv: Moved REST API from imv_swid and imv_swima to libimcv
[strongswan.git] / src / libtpmtss / tpm_tss.h
index ad630e3..f408d04 100644 (file)
  */
 
 /**
- * @defgroup tpm_tss tpm_tss
- * @{ @ingroup libtpmtss
+ * @defgroup libtpmtss libtpmtss
+ *
+ * @addtogroup libtpmtss
+ * @{
  */
 
 #ifndef TPM_TSS_H_
 #define TPM_TSS_H_
 
+#include "tpm_tss_quote_info.h"
+
 #include <library.h>
+#include <crypto/hashers/hasher.h>
 
 typedef enum tpm_version_t tpm_version_t;
 typedef struct tpm_tss_t tpm_tss_t;
@@ -75,6 +80,70 @@ struct tpm_tss_t {
        chunk_t (*get_public)(tpm_tss_t *this, uint32_t handle);
 
        /**
+        * Retrieve the current value of a PCR register in a given PCR bank
+        *
+        * @param pcr_num               PCR number
+        * @param pcr_value             PCR value returned
+        * @param alg                   hash algorithm, selects PCR bank (TPM 2.0 only)
+        * @return                              TRUE if PCR value retrieval succeeded
+        */
+       bool (*read_pcr)(tpm_tss_t *this, uint32_t pcr_num, chunk_t *pcr_value,
+                                        hash_algorithm_t alg);
+
+       /**
+        * Extend a PCR register in a given PCR bank with a hash value
+        *
+        * @param pcr_num               PCR number
+        * @param pcr_value             extended PCR value returned
+        * @param hash                  data to be extended into the PCR
+        * @param alg                   hash algorithm, selects PCR bank (TPM 2.0 only)
+        * @return                              TRUE if PCR extension succeeded
+        */
+       bool (*extend_pcr)(tpm_tss_t *this, uint32_t pcr_num, chunk_t *pcr_value,
+                                          chunk_t data, hash_algorithm_t alg);
+
+       /**
+        * Do a quote signature over a selection of PCR registers
+        *
+        * @param aik_handle    object handle of AIK to be used for quote signature
+        * @param pcr_sel               selection of PCR registers
+        * @param alg                   hash algorithm to be used for quote signature
+        * @param data                  additional data to be hashed into the quote
+        * @param quote_mode    define current and legacy TPM quote modes
+        * @param quote_info    returns various info covered by quote signature
+        * @param quote_sig             returns quote signature
+        * @return                              TRUE if quote signature succeeded
+        */
+       bool (*quote)(tpm_tss_t *this, uint32_t aik_handle, uint32_t pcr_sel,
+                                 hash_algorithm_t alg, chunk_t data,
+                                 tpm_quote_mode_t *quote_mode,
+                                 tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig);
+
+       /**
+        * Do a signature over a data hash using a TPM key handle (TPM 2.0 only)
+        *
+        * @param handle                object handle of TPM key to be used for signature
+        * @param hierarchy             hierarchy the TPM key object is attached to
+        * @param scheme                scheme to be used for signature
+        * @param data                  data to be hashed and signed
+        * @param pin                   PIN code or empty chunk
+        * @param signature             returns signature
+        * @return                              TRUE if signature succeeded
+        */
+       bool (*sign)(tpm_tss_t *this, uint32_t hierarchy, uint32_t handle,
+                                signature_scheme_t scheme, chunk_t data, chunk_t pin,
+                                chunk_t *signature);
+
+       /**
+        * Get random bytes from the TPM
+        *
+        * @param bytes                 number of random bytes requested
+        * @param buffer                buffer where the random bytes are written into
+        * @return                              TRUE if random bytes could be delivered
+        */
+       bool (*get_random)(tpm_tss_t *this, size_t bytes, uint8_t *buffer);
+
+       /**
         * Destroy a tpm_tss_t.
         */
        void (*destroy)(tpm_tss_t *this);
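Review bot: The Doxygen block for `sign` lists `@param handle` before `@param hierarchy`, but the prototype declares `uint32_t hierarchy, uint32_t handle`; because both are `uint32_t`, a caller following the comment swaps them with no compiler diagnostic, so the tags should be reordered to `@param hierarchy hierarchy the TPM key object is attached to` followed by `@param handle object handle of TPM key to be used for signature` (or the prototype changed to match). The `extend_pcr` block documents a parameter `hash` that does not exist; the prototype names it `data`, so the tag should read `@param data data to be extended into the PCR`. For `get_random`, the interface carries no buffer size besides `bytes`, so the comment should state the contract explicitly, e.g. `@param buffer buffer of at least bytes octets where the random bytes are written into`.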
@@ -87,4 +156,9 @@ struct tpm_tss_t {
  */
 tpm_tss_t *tpm_tss_probe(tpm_version_t version);
 
+/**
+ * Dummy libtpmtss initialization function needed for integrity test
+ */
+void libtpmtss_init(void);
+
 #endif /** TPM_TSS_H_ @}*/