Annotation of embedaddon/strongswan/src/libimcv/pts/pts.h, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2011 Sansar Choinyambuu
! 3: * Copyright (C) 2012-2016 Andreas Steffen
! 4: * HSR Hochschule fuer Technik Rapperswil
! 5: *
! 6: * This program is free software; you can redistribute it and/or modify it
! 7: * under the terms of the GNU General Public License as published by the
! 8: * Free Software Foundation; either version 2 of the License, or (at your
! 9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 10: *
! 11: * This program is distributed in the hope that it will be useful, but
! 12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 14: * for more details.
! 15: */
! 16:
! 17: /**
! 18: * @defgroup pts pts
! 19: * @{ @ingroup libimcv
! 20: */
! 21:
! 22: #ifndef PTS_H_
! 23: #define PTS_H_
! 24:
! 25: typedef struct pts_t pts_t;
! 26:
! 27: #include "pts_error.h"
! 28: #include "pts_proto_caps.h"
! 29: #include "pts_meas_algo.h"
! 30: #include "pts_file_meas.h"
! 31: #include "pts_file_meta.h"
! 32: #include "pts_dh_group.h"
! 33: #include "pts_pcr.h"
! 34: #include "pts_req_func_comp_evid.h"
! 35: #include "components/pts_comp_func_name.h"
! 36:
! 37: #include <tpm_tss_quote_info.h>
! 38:
! 39: #include <library.h>
! 40: #include <collections/linked_list.h>
! 41:
! 42: /**
! 43: * UTF-8 encoding of the character used to delimiter the filename
! 44: */
! 45: #define SOLIDUS_UTF 0x2F
! 46: #define REVERSE_SOLIDUS_UTF 0x5C
! 47:
! 48: /**
! 49: * PCR indices used for measurements of various functional components
! 50: */
! 51: #define PCR_BIOS 0
! 52: #define PCR_PLATFORM_EXT 1
! 53: #define PCR_MOTHERBOARD 1
! 54: #define PCR_OPTION_ROMS 2
! 55: #define PCR_IPL 4
! 56:
! 57: #define PCR_TBOOT_POLICY 17
! 58: #define PCR_TBOOT_MLE 18
! 59:
! 60: #define PCR_TGRUB_MBR_STAGE1 4
! 61: #define PCR_TGRUB_STAGE2_PART1 8
! 62: #define PCR_TGRUB_STAGE2_PART2 9
! 63: #define PCR_TGRUB_CMD_LINE_ARGS 12
! 64: #define PCR_TGRUB_CHECKFILE 13
! 65: #define PCR_TGRUB_LOADED_FILES 14
! 66:
! 67: #define PCR_DEBUG 16
! 68:
! 69: /**
! 70: * Length of the generated nonce used for calculation of shared secret
! 71: */
! 72: #define ASSESSMENT_SECRET_LEN 20
! 73:
! 74: /**
! 75: * Hashing algorithm used by tboot and trustedGRUB
! 76: */
! 77: #define TRUSTED_HASH_ALGO PTS_MEAS_ALGO_SHA1
! 78:
! 79: /**
! 80: * Class implementing the TCG Platform Trust Service (PTS)
! 81: *
! 82: */
! 83: struct pts_t {
! 84:
! 85: /**
! 86: * Get PTS Protocol Capabilities
! 87: *
! 88: * @return Protocol capabilities flags
! 89: */
! 90: pts_proto_caps_flag_t (*get_proto_caps)(pts_t *this);
! 91:
! 92: /**
! 93: * Set PTS Protocol Capabilities
! 94: *
! 95: * @param flags Protocol capabilities flags
! 96: */
! 97: void (*set_proto_caps)(pts_t *this, pts_proto_caps_flag_t flags);
! 98:
! 99: /**
! 100: * Get PTS Measurement Algorithm
! 101: *
! 102: * @return PTS measurement algorithm
! 103: */
! 104: pts_meas_algorithms_t (*get_meas_algorithm)(pts_t *this);
! 105:
! 106: /**
! 107: * Set PTS Measurement Algorithm
! 108: *
! 109: * @param algorithm PTS measurement algorithm
! 110: */
! 111: void (*set_meas_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);
! 112:
! 113: /**
! 114: * Get DH Hash Algorithm
! 115: *
! 116: * @return DH hash algorithm
! 117: */
! 118: pts_meas_algorithms_t (*get_dh_hash_algorithm)(pts_t *this);
! 119:
! 120: /**
! 121: * Set DH Hash Algorithm
! 122: *
! 123: * @param algorithm DH hash algorithm
! 124: */
! 125: void (*set_dh_hash_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);
! 126:
! 127: /**
! 128: * Create PTS Diffie-Hellman object and nonce
! 129: *
! 130: * @param group PTS DH group
! 131: * @param nonce_len Nonce length
! 132: * @return TRUE if creation was successful
! 133: *
! 134: */
! 135: bool (*create_dh_nonce)(pts_t *this, pts_dh_group_t group, int nonce_len);
! 136:
! 137: /**
! 138: * Get my Diffie-Hellman public value
! 139: *
! 140: * @param value My public DH value
! 141: * @param nonce My DH nonce
! 142: * @return TRUE if public value retrieved successfully
! 143: */
! 144: bool (*get_my_public_value)(pts_t *this, chunk_t *value, chunk_t *nonce);
! 145:
! 146: /**
! 147: * Set peer Diffie.Hellman public value
! 148: *
! 149: * @param value Peer public DH value
! 150: * @param nonce Peer DH nonce
! 151: * @return TRUE if public value set successfully
! 152: */
! 153: bool (*set_peer_public_value) (pts_t *this, chunk_t value, chunk_t nonce);
! 154:
! 155: /**
! 156: * Calculates assessment secret to be used for TPM Quote as ExternalData
! 157: *
! 158: * @return TRUE unless both DH public values
! 159: * and nonces are set
! 160: */
! 161: bool (*calculate_secret) (pts_t *this);
! 162:
! 163: /**
! 164: * Get primary key of platform entry in database
! 165: *
! 166: * @return Platform and OS info
! 167: */
! 168: int (*get_platform_id)(pts_t *this);
! 169:
! 170: /**
! 171: * Set primary key of platform entry in database
! 172: *
! 173: * @param pid Primary key of platform entry in database
! 174: */
! 175: void (*set_platform_id)(pts_t *this, int pid);
! 176:
! 177: /**
! 178: * Get TPM 1.2 Version Info
! 179: *
! 180: * @param info chunk containing a TPM_CAP_VERSION_INFO struct
! 181: * @return TRUE if TPM Version Info available
! 182: */
! 183: bool (*get_tpm_version_info)(pts_t *this, chunk_t *info);
! 184:
! 185: /**
! 186: * Set TPM 1.2 Version Info
! 187: *
! 188: * @param info chunk containing a TPM_CAP_VERSION_INFO struct
! 189: */
! 190: void (*set_tpm_version_info)(pts_t *this, chunk_t info);
! 191:
! 192: /**
! 193: * Get Attestation Identity Certificate or Public Key
! 194: *
! 195: * @return AIK Certificate or Public Key
! 196: */
! 197: certificate_t* (*get_aik)(pts_t *this);
! 198:
! 199: /**
! 200: * Set Attestation Identity Certificate or Public Key
! 201: *
! 202: * @param aik AIK Certificate or Public Key
! 203: * @param aik_id Primary key referencing AIK in database
! 204: */
! 205: void (*set_aik)(pts_t *this, certificate_t *aik, int aik_id);
! 206:
! 207: /**
! 208: * Get primary key referencing AIK in database
! 209: *
! 210: * @return Primary key referencing AIK in database
! 211: */
! 212: int (*get_aik_id)(pts_t *this);
! 213:
! 214: /**
! 215: * Check whether path is valid file/directory on filesystem
! 216: *
! 217: * @param path Absolute path
! 218: * @param error_code Output variable for PTS error code
! 219: * @return TRUE if path is valid or file/directory
! 220: * doesn't exist or path is invalid
! 221: * FALSE if local error occurred within stat function
! 222: */
! 223: bool (*is_path_valid)(pts_t *this, char *path, pts_error_code_t *error_code);
! 224:
! 225: /**
! 226: * Obtain file metadata
! 227: *
! 228: * @param pathname Absolute pathname of file/directory
! 229: * @param is_dir TRUE if directory contents are requested
! 230: * @return PTS File Metadata or NULL if FAILED
! 231: */
! 232: pts_file_meta_t* (*get_metadata)(pts_t *this, char *pathname, bool is_dir);
! 233:
! 234: /**
! 235: * Retrieve the current value of a PCR register in a given PCR bank
! 236: *
! 237: * @param pcr_num PCR number
! 238: * @param pcr_value PCR value returned
! 239: * @param alg hash algorithm, selects PCR bank (TPM 2.0 only)
! 240: * @return TRUE if PCR value retrieval succeeded
! 241: */
! 242: bool (*read_pcr)(pts_t *this, uint32_t pcr_num, chunk_t *pcr_value,
! 243: hash_algorithm_t alg);
! 244:
! 245: /**
! 246: * Extend a PCR register in a given PCR bank with a hash value
! 247: *
! 248: * @param pcr_num PCR number
! 249: * @param pcr_value extended PCR value returned
! 250: * @param hash data to be extended into the PCR
! 251: * @param alg hash algorithm, selects PCR bank (TPM 2.0 only)
! 252: * @return TRUE if PCR extension succeeded
! 253: */
! 254: bool (*extend_pcr)(pts_t *this, uint32_t pcr_num, chunk_t *pcr_value,
! 255: chunk_t data, hash_algorithm_t alg);
! 256:
! 257: /**
! 258: * Quote over PCR's
! 259: * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK
! 260: *
! 261: * @param quote_mode type of Quote signature
! 262: * @param quote_info returns various info covered by Quote signature
! 263: * @param quote_sig returns Quote signature
! 264: * @return FALSE in case of Quote error, TRUE otherwise
! 265: */
! 266: bool (*quote)(pts_t *this, tpm_quote_mode_t *quote_mode,
! 267: tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig);
! 268:
! 269: /**
! 270: * Get the shadow PCR set
! 271: *
! 272: * @return shadow PCR set
! 273: */
! 274: pts_pcr_t* (*get_pcrs)(pts_t *this);
! 275:
! 276: /**
! 277: * Computes digest of the constructed TPM Quote Info structure
! 278: *
! 279: * @param quote_info TPM Quote Info as received from IMC
! 280: * @param quoted Encoding of TPM Quote Info
! 281: * @return FALSE in case of any error, TRUE otherwise
! 282: */
! 283: bool (*get_quote)(pts_t *this, tpm_tss_quote_info_t *quote_info,
! 284: chunk_t *quoted);
! 285:
! 286: /**
! 287: * Constructs and returns PCR Quote Digest structure expected from IMC
! 288: *
! 289: * @param digest_alg Hash algorithm used for TPM Quote Digest
! 290: * @param digest Calculated TPM Quote Digest
! 291: * @param signature TPM Quote Signature received from IMC
! 292: * @return FALSE if signature is not verified
! 293: */
! 294: bool (*verify_quote_signature)(pts_t *this, hash_algorithm_t digest_alg,
! 295: chunk_t digest, chunk_t signature);
! 296:
! 297: /**
! 298: * Destroys a pts_t object.
! 299: */
! 300: void (*destroy)(pts_t *this);
! 301:
! 302: };
! 303:
! 304: /**
! 305: * Creates an pts_t object
! 306: *
! 307: * @param is_imc TRUE if running on an IMC
! 308: */
! 309: pts_t* pts_create(bool is_imc);
! 310:
! 311: #endif /** PTS_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to pts.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libimcv / pts