1.1 misho 1: /*
2: * Copyright (C) 2011 Sansar Choinyambuu
3: * Copyright (C) 2012-2016 Andreas Steffen
4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: /**
18: * @defgroup pts pts
19: * @{ @ingroup libimcv
20: */
21:
22: #ifndef PTS_H_
23: #define PTS_H_
24:
25: typedef struct pts_t pts_t;
26:
27: #include "pts_error.h"
28: #include "pts_proto_caps.h"
29: #include "pts_meas_algo.h"
30: #include "pts_file_meas.h"
31: #include "pts_file_meta.h"
32: #include "pts_dh_group.h"
33: #include "pts_pcr.h"
34: #include "pts_req_func_comp_evid.h"
35: #include "components/pts_comp_func_name.h"
36:
37: #include <tpm_tss_quote_info.h>
38:
39: #include <library.h>
40: #include <collections/linked_list.h>
41:
/**
 * UTF-8 encoding of the characters used to delimit path components in a
 * filename ('/' and '\')
 */
#define SOLIDUS_UTF 0x2F
#define REVERSE_SOLIDUS_UTF 0x5C

/**
 * PCR indices used for measurements of various functional components
 *
 * Note that several names alias the same register: PCR_PLATFORM_EXT and
 * PCR_MOTHERBOARD both denote PCR 1, and PCR_IPL and PCR_TGRUB_MBR_STAGE1
 * both denote PCR 4.  A verifier comparing reference measurements must
 * therefore expect the events of both components in the same PCR.
 */
#define PCR_BIOS 0
#define PCR_PLATFORM_EXT 1
#define PCR_MOTHERBOARD 1
#define PCR_OPTION_ROMS 2
#define PCR_IPL 4

/* PCRs extended by tboot (Intel TXT launch): launch policy and MLE */
#define PCR_TBOOT_POLICY 17
#define PCR_TBOOT_MLE 18

/* PCRs extended by trustedGRUB for the individual boot stages */
#define PCR_TGRUB_MBR_STAGE1 4
#define PCR_TGRUB_STAGE2_PART1 8
#define PCR_TGRUB_STAGE2_PART2 9
#define PCR_TGRUB_CMD_LINE_ARGS 12
#define PCR_TGRUB_CHECKFILE 13
#define PCR_TGRUB_LOADED_FILES 14

/* PCR used for debugging purposes */
#define PCR_DEBUG 16

/**
 * Length of the generated nonce used for calculation of the shared secret
 * (20 bytes, equal to the length of a SHA-1 digest)
 */
#define ASSESSMENT_SECRET_LEN 20

/**
 * Hashing algorithm used by tboot and trustedGRUB
 *
 * Fixed to SHA-1 because that is the algorithm those boot loaders extend
 * into the PCRs listed above; it is not negotiated via the PTS measurement
 * algorithm and must not be confused with get_meas_algorithm().
 */
#define TRUSTED_HASH_ALGO PTS_MEAS_ALGO_SHA1
78:
/**
 * Class implementing the TCG Platform Trust Service (PTS)
 *
 * A pts_t object keeps the PTS state of one endpoint: the protocol
 * capabilities, the measurement and DH hash algorithms, the Diffie-Hellman
 * state and nonces from which the assessment secret is derived, the AIK,
 * the TPM version info and the shadow PCR set.  Objects are created with
 * pts_create() and released with destroy().
 */
struct pts_t {

	/**
	 * Get PTS Protocol Capabilities
	 *
	 * @return				Protocol capabilities flags
	 */
	pts_proto_caps_flag_t (*get_proto_caps)(pts_t *this);

	/**
	 * Set PTS Protocol Capabilities
	 *
	 * @param flags			Protocol capabilities flags
	 */
	void (*set_proto_caps)(pts_t *this, pts_proto_caps_flag_t flags);

	/**
	 * Get PTS Measurement Algorithm
	 *
	 * @return				PTS measurement algorithm
	 */
	pts_meas_algorithms_t (*get_meas_algorithm)(pts_t *this);

	/**
	 * Set PTS Measurement Algorithm
	 *
	 * @param algorithm		PTS measurement algorithm
	 */
	void (*set_meas_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);

	/**
	 * Get DH Hash Algorithm
	 *
	 * @return				DH hash algorithm
	 */
	pts_meas_algorithms_t (*get_dh_hash_algorithm)(pts_t *this);

	/**
	 * Set DH Hash Algorithm
	 *
	 * The DH hash algorithm is kept separately from the measurement
	 * algorithm set via set_meas_algorithm().
	 *
	 * @param algorithm		DH hash algorithm
	 */
	void (*set_dh_hash_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);

	/**
	 * Create PTS Diffie-Hellman object and nonce
	 *
	 * @param group			PTS DH group
	 * @param nonce_len		Nonce length
	 * @return				TRUE if creation was successful
	 */
	bool (*create_dh_nonce)(pts_t *this, pts_dh_group_t group, int nonce_len);

	/**
	 * Get my Diffie-Hellman public value
	 *
	 * Requires a prior successful create_dh_nonce().
	 *
	 * @param value			My public DH value
	 * @param nonce			My DH nonce
	 * @return				TRUE if public value retrieved successfully
	 */
	bool (*get_my_public_value)(pts_t *this, chunk_t *value, chunk_t *nonce);

	/**
	 * Set peer Diffie-Hellman public value
	 *
	 * Both arguments are received from the peer; the implementation is
	 * responsible for validating them before they enter the secret
	 * derivation.
	 *
	 * @param value			Peer public DH value
	 * @param nonce			Peer DH nonce
	 * @return				TRUE if public value set successfully
	 */
	bool (*set_peer_public_value) (pts_t *this, chunk_t value, chunk_t nonce);

	/**
	 * Calculates assessment secret to be used for TPM Quote as ExternalData
	 *
	 * The secret binds the TPM Quote to this DH exchange, so it can only be
	 * derived once both sides' public values and nonces are available.
	 *
	 * @return				TRUE if the secret was calculated, FALSE if the own
	 *						or peer DH public value / nonce is not yet set
	 *						(NOTE(review): the previous comment read "TRUE
	 *						unless ... are set", which is inverted — confirm
	 *						against pts.c)
	 */
	bool (*calculate_secret) (pts_t *this);

	/**
	 * Get primary key of platform entry in database
	 *
	 * @return				Primary key of platform entry in database
	 */
	int (*get_platform_id)(pts_t *this);

	/**
	 * Set primary key of platform entry in database
	 *
	 * @param pid			Primary key of platform entry in database
	 */
	void (*set_platform_id)(pts_t *this, int pid);

	/**
	 * Get TPM 1.2 Version Info
	 *
	 * @param info			chunk containing a TPM_CAP_VERSION_INFO struct
	 * @return				TRUE if TPM Version Info available
	 */
	bool (*get_tpm_version_info)(pts_t *this, chunk_t *info);

	/**
	 * Set TPM 1.2 Version Info
	 *
	 * @param info			chunk containing a TPM_CAP_VERSION_INFO struct
	 */
	void (*set_tpm_version_info)(pts_t *this, chunk_t info);

	/**
	 * Get Attestation Identity Certificate or Public Key
	 *
	 * @return				AIK Certificate or Public Key
	 */
	certificate_t* (*get_aik)(pts_t *this);

	/**
	 * Set Attestation Identity Certificate or Public Key
	 *
	 * @param aik			AIK Certificate or Public Key
	 * @param aik_id		Primary key referencing AIK in database
	 */
	void (*set_aik)(pts_t *this, certificate_t *aik, int aik_id);

	/**
	 * Get primary key referencing AIK in database
	 *
	 * @return				Primary key referencing AIK in database
	 */
	int (*get_aik_id)(pts_t *this);

	/**
	 * Check whether path is valid file/directory on filesystem
	 *
	 * The return value only reports whether the check itself could be
	 * carried out; the actual verdict is delivered through error_code.
	 * A return of TRUE therefore does NOT mean the path is valid.
	 *
	 * @param path			Absolute path
	 * @param error_code	Output variable for PTS error code, set when the
	 *						path is invalid or the file/directory does not exist
	 * @return				TRUE if the path is valid, or if the file/directory
	 *						does not exist or the path is invalid (see
	 *						error_code); FALSE if a local error occurred within
	 *						the stat function
	 */
	bool (*is_path_valid)(pts_t *this, char *path, pts_error_code_t *error_code);

	/**
	 * Obtain file metadata
	 *
	 * @param pathname		Absolute pathname of file/directory
	 * @param is_dir		TRUE if directory contents are requested
	 * @return				PTS File Metadata or NULL if FAILED
	 */
	pts_file_meta_t* (*get_metadata)(pts_t *this, char *pathname, bool is_dir);

	/**
	 * Retrieve the current value of a PCR register in a given PCR bank
	 *
	 * @param pcr_num		PCR number
	 * @param pcr_value		PCR value returned
	 * @param alg			hash algorithm, selects PCR bank (TPM 2.0 only)
	 * @return				TRUE if PCR value retrieval succeeded
	 */
	bool (*read_pcr)(pts_t *this, uint32_t pcr_num, chunk_t *pcr_value,
					 hash_algorithm_t alg);

	/**
	 * Extend a PCR register in a given PCR bank with a hash value
	 *
	 * @param pcr_num		PCR number
	 * @param pcr_value		extended PCR value returned
	 * @param data			data to be extended into the PCR
	 * @param alg			hash algorithm, selects PCR bank (TPM 2.0 only)
	 * @return				TRUE if PCR extension succeeded
	 */
	bool (*extend_pcr)(pts_t *this, uint32_t pcr_num, chunk_t *pcr_value,
					   chunk_t data, hash_algorithm_t alg);

	/**
	 * Quote over PCR's
	 *
	 * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password
	 * set for AIK, i.e. the TPM must be provisioned with the TSS well-known
	 * secrets for this call to succeed.
	 *
	 * @param quote_mode	type of Quote signature
	 * @param quote_info	returns various info covered by Quote signature
	 *						(NOTE(review): ownership of *quote_info is not
	 *						documented here — confirm in pts.c who destroys it)
	 * @param quote_sig		returns Quote signature
	 * @return				FALSE in case of Quote error, TRUE otherwise
	 */
	bool (*quote)(pts_t *this, tpm_quote_mode_t *quote_mode,
				  tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig);

	/**
	 * Get the shadow PCR set
	 *
	 * @return				shadow PCR set
	 */
	pts_pcr_t* (*get_pcrs)(pts_t *this);

	/**
	 * Computes the encoding of the TPM Quote Info structure received from
	 * the IMC, i.e. the data that the Quote signature covers
	 *
	 * @param quote_info	TPM Quote Info as received from IMC
	 * @param quoted		Encoding of TPM Quote Info
	 * @return				FALSE in case of any error, TRUE otherwise
	 */
	bool (*get_quote)(pts_t *this, tpm_tss_quote_info_t *quote_info,
					  chunk_t *quoted);

	/**
	 * Verifies the TPM Quote signature received from the IMC over the given
	 * digest (presumably with the AIK set via set_aik() — confirm in pts.c)
	 *
	 * @param digest_alg	Hash algorithm used for TPM Quote Digest
	 * @param digest		Calculated TPM Quote Digest
	 * @param signature		TPM Quote Signature received from IMC
	 * @return				FALSE if signature is not verified, TRUE otherwise
	 */
	bool (*verify_quote_signature)(pts_t *this, hash_algorithm_t digest_alg,
								   chunk_t digest, chunk_t signature);

	/**
	 * Destroys a pts_t object.
	 */
	void (*destroy)(pts_t *this);

};
303:
/**
 * Creates a pts_t object
 *
 * @param is_imc		TRUE if running on an IMC, FALSE on an IMV
 * @return				pts_t object, to be released by the caller with
 *						destroy()
 */
pts_t* pts_create(bool is_imc);
310:
311: #endif /** PTS_H_ @}*/