1.1 misho 1: /*
2: * Copyright (C) 2011 Sansar Choinyambuu
1.1.1.2 ! misho 3: * Copyright (C) 2012-2020 Andreas Steffen
1.1 misho 4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: /**
18: * @defgroup pts pts
19: * @{ @ingroup libimcv
20: */
21:
22: #ifndef PTS_H_
23: #define PTS_H_
24:
25: typedef struct pts_t pts_t;
26:
27: #include "pts_error.h"
28: #include "pts_proto_caps.h"
29: #include "pts_meas_algo.h"
30: #include "pts_file_meas.h"
31: #include "pts_file_meta.h"
32: #include "pts_dh_group.h"
33: #include "pts_pcr.h"
34: #include "pts_req_func_comp_evid.h"
1.1.1.2 ! misho 35: #include "pts_symlinks.h"
1.1 misho 36: #include "components/pts_comp_func_name.h"
37:
38: #include <tpm_tss_quote_info.h>
1.1.1.2 ! misho 39: #include <tpm_tss.h>
1.1 misho 40:
41: #include <library.h>
42: #include <collections/linked_list.h>
43:
/**
 * UTF-8 encoding of the characters used to delimit path components in a
 * filename: U+002F '/' (solidus) and U+005C '\' (reverse solidus).
 * Both are single-byte code points, so they can be matched byte-wise.
 */
#define SOLIDUS_UTF 0x2F
#define REVERSE_SOLIDUS_UTF 0x5C
49:
/**
 * PCR indices used for measurements of various functional components
 *
 * Note that several names intentionally alias the same index:
 * PCR_PLATFORM_EXT and PCR_MOTHERBOARD are both PCR 1, and PCR_IPL and
 * PCR_TGRUB_MBR_STAGE1 are both PCR 4. Callers must not assume that
 * distinct names imply distinct registers.
 */
#define PCR_BIOS 0
#define PCR_PLATFORM_EXT 1
#define PCR_MOTHERBOARD 1
#define PCR_OPTION_ROMS 2
#define PCR_IPL 4

/* PCRs extended by tboot (Intel TXT measured launch) */
#define PCR_TBOOT_POLICY 17
#define PCR_TBOOT_MLE 18

/* PCRs extended by trustedGRUB */
#define PCR_TGRUB_MBR_STAGE1 4
#define PCR_TGRUB_STAGE2_PART1 8
#define PCR_TGRUB_STAGE2_PART2 9
#define PCR_TGRUB_CMD_LINE_ARGS 12
#define PCR_TGRUB_CHECKFILE 13
#define PCR_TGRUB_LOADED_FILES 14

/*
 * NOTE(review): PCR 16 is the TCG debug PCR and is typically resettable
 * from software, so a value in it carries no attestation weight. Confirm
 * it is only used for testing and never as evidence of a trusted state.
 */
#define PCR_DEBUG 16
70:
/**
 * Length in bytes of the generated nonce used for calculation of the
 * shared assessment secret (see pts_t.create_dh_nonce/calculate_secret).
 * 20 bytes presumably matches the SHA-1 digest size used as ExternalData
 * by TPM 1.2 quotes -- confirm against pts.c before changing.
 */
#define ASSESSMENT_SECRET_LEN 20
75:
/**
 * Hashing algorithm used by tboot and trustedGRUB
 *
 * SHA-1 is fixed here for compatibility with these TPM 1.2 era boot
 * loaders, whose PCR extensions are SHA-1 only. SHA-1 is no longer
 * collision resistant; do not reuse this constant for new measurement
 * types where a stronger PTS_MEAS_ALGO_* value can be negotiated.
 */
#define TRUSTED_HASH_ALGO PTS_MEAS_ALGO_SHA1
80:
81: /**
82: * Class implementing the TCG Platform Trust Service (PTS)
83: *
84: */
struct pts_t {

	/**
	 * Get PTS Protocol Capabilities
	 *
	 * @return				Protocol capabilities flags
	 */
	pts_proto_caps_flag_t (*get_proto_caps)(pts_t *this);

	/**
	 * Set PTS Protocol Capabilities
	 *
	 * @param flags			Protocol capabilities flags
	 */
	void (*set_proto_caps)(pts_t *this, pts_proto_caps_flag_t flags);

	/**
	 * Get PTS Measurement Algorithm
	 *
	 * @return				PTS measurement algorithm
	 */
	pts_meas_algorithms_t (*get_meas_algorithm)(pts_t *this);

	/**
	 * Set PTS Measurement Algorithm
	 *
	 * @param algorithm		PTS measurement algorithm
	 */
	void (*set_meas_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);

	/**
	 * Get DH Hash Algorithm
	 *
	 * @return				DH hash algorithm
	 */
	pts_meas_algorithms_t (*get_dh_hash_algorithm)(pts_t *this);

	/**
	 * Set DH Hash Algorithm
	 *
	 * @param algorithm		DH hash algorithm
	 */
	void (*set_dh_hash_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);

	/**
	 * Create PTS Diffie-Hellman object and nonce
	 *
	 * Must be called before get_my_public_value() and calculate_secret().
	 *
	 * @param group			PTS DH group
	 * @param nonce_len		Nonce length (presumably in bytes, as the nonce
	 *						is handed out as a chunk_t -- confirm in pts.c)
	 * @return				TRUE if creation was successful
	 */
	bool (*create_dh_nonce)(pts_t *this, pts_dh_group_t group, int nonce_len);

	/**
	 * Get my Diffie-Hellman public value
	 *
	 * @param value			My public DH value
	 * @param nonce			My DH nonce
	 * @return				TRUE if public value retrieved successfully
	 */
	bool (*get_my_public_value)(pts_t *this, chunk_t *value, chunk_t *nonce);

	/**
	 * Set peer Diffie-Hellman public value
	 *
	 * NOTE(review): value and nonce originate from the remote peer and are
	 * therefore attacker-controlled; the DH implementation is presumably
	 * responsible for rejecting invalid public values -- confirm.
	 *
	 * @param value			Peer public DH value
	 * @param nonce			Peer DH nonce
	 * @return				TRUE if public value set successfully
	 */
	bool (*set_peer_public_value) (pts_t *this, chunk_t value, chunk_t nonce);

	/**
	 * Calculates assessment secret to be used for TPM Quote as ExternalData
	 *
	 * Binds the quote to this particular DH exchange (both public values
	 * and both nonces), which is what prevents replay of an old quote.
	 *
	 * @return				TRUE if the secret was computed, FALSE otherwise
	 *						(presumably when own/peer DH public values and
	 *						nonces have not all been set -- confirm in pts.c)
	 */
	bool (*calculate_secret) (pts_t *this);

	/**
	 * Get primary key of platform entry in database
	 *
	 * @return				Primary key of the platform entry
	 */
	int (*get_platform_id)(pts_t *this);

	/**
	 * Set primary key of platform entry in database
	 *
	 * @param pid			Primary key of platform entry in database
	 */
	void (*set_platform_id)(pts_t *this, int pid);

	/**
	 * Extract all directory symlinks contained in a directory
	 *
	 * @param pathname		Absolute pathname of directory
	 * @return				List of directory symlinks; the caller is
	 *						presumably responsible for destroying it -- confirm
	 */
	pts_symlinks_t* (*extract_symlinks)(pts_t *this, chunk_t pathname);

	/**
	 * Get list of directory symlinks received from IMC
	 *
	 * NOTE(review): on the IMV side this list is supplied by the peer and
	 * must be treated as untrusted input when used to resolve paths.
	 *
	 * @return				List of symbolic links
	 */
	pts_symlinks_t* (*get_symlinks)(pts_t *this);

	/**
	 * Set list of directory symlinks received from IMC
	 *
	 * @param symlinks		List of symbolic links
	 */
	void (*set_symlinks)(pts_t *this, pts_symlinks_t *symlinks);


	/**
	 * Get TPM object handle
	 *
	 * @return				TPM object handle; presumably still owned by this
	 *						pts_t object and not to be destroyed by the caller
	 *						-- confirm
	 */
	tpm_tss_t* (*get_tpm)(pts_t *this);

	/**
	 * Get TPM 1.2 Version Info
	 *
	 * @param info			chunk containing a TPM_Version Info struct
	 * @return				TRUE if TPM Version_Info available
	 */
	bool (*get_tpm_version_info)(pts_t *this, chunk_t *info);

	/**
	 * Set TPM 1.2 Version Info
	 *
	 * @param info			chunk containing a TPM Version Info struct
	 */
	void (*set_tpm_version_info)(pts_t *this, chunk_t info);

	/**
	 * Get Attestation Identity Certificate or Public Key
	 *
	 * @return				AIK Certificate or Public Key
	 */
	certificate_t* (*get_aik)(pts_t *this);

	/**
	 * Set Attestation Identity Certificate or Public Key
	 *
	 * The AIK is the key that verify_quote_signature() checks quotes
	 * against, so it must be one the verifier actually trusts.
	 *
	 * @param aik			AIK Certificate or Public Key
	 * @param aik_id		Primary key referencing AIK in database
	 */
	void (*set_aik)(pts_t *this, certificate_t *aik, int aik_id);

	/**
	 * Get primary key referencing AIK in database
	 *
	 * @return				Primary key referencing AIK in database
	 */
	int (*get_aik_id)(pts_t *this);

	/**
	 * Check whether path is valid file/directory on filesystem
	 *
	 * Note the return value does NOT say whether the path is usable: a
	 * non-existent or invalid path still yields TRUE with error_code set.
	 * Callers must inspect error_code, not just the boolean.
	 *
	 * @param path			Absolute path
	 * @param error_code	Output variable for PTS error code
	 * @return				TRUE if the check itself ran (path is valid, or
	 *						file/directory doesn't exist, or path is invalid
	 *						-- see error_code);
	 *						FALSE if local error occurred within stat function
	 */
	bool (*is_path_valid)(pts_t *this, char *path, pts_error_code_t *error_code);

	/**
	 * Obtain file metadata
	 *
	 * @param pathname		Absolute pathname of file/directory
	 * @param is_dir		TRUE if directory contents are requested
	 * @return				PTS File Metadata or NULL if FAILED
	 */
	pts_file_meta_t* (*get_metadata)(pts_t *this, char *pathname, bool is_dir);

	/**
	 * Retrieve the current value of a PCR register in a given PCR bank
	 *
	 * @param pcr_num		PCR number
	 * @param pcr_value		PCR value returned
	 * @param alg			hash algorithm, selects PCR bank (TPM 2.0 only)
	 * @return				TRUE if PCR value retrieval succeeded
	 */
	bool (*read_pcr)(pts_t *this, uint32_t pcr_num, chunk_t *pcr_value,
					 hash_algorithm_t alg);

	/**
	 * Extend a PCR register in a given PCR bank with a hash value
	 *
	 * @param pcr_num		PCR number
	 * @param pcr_value		extended PCR value returned
	 * @param data			data to be extended into the PCR
	 * @param alg			hash algorithm, selects PCR bank (TPM 2.0 only)
	 * @return				TRUE if PCR extension succeeded
	 */
	bool (*extend_pcr)(pts_t *this, uint32_t pcr_num, chunk_t *pcr_value,
					   chunk_t data, hash_algorithm_t alg);

	/**
	 * Quote over PCR's
	 *
	 * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password
	 * set for AIK. NOTE(review): this means the TPM authorization values
	 * provide no protection; anything with access to the TPM device can
	 * produce quotes under this AIK. Acceptable only if that is the
	 * deployment's explicit trust assumption.
	 *
	 * @param quote_mode	type of Quote signature
	 * @param quote_info	returns various info covered by Quote signature
	 * @param quote_sig		returns Quote signature
	 * @return				FALSE in case of Quote error, TRUE otherwise
	 */
	bool (*quote)(pts_t *this, tpm_quote_mode_t *quote_mode,
				  tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig);

	/**
	 * Get the shadow PCR set
	 *
	 * @return				shadow PCR set
	 */
	pts_pcr_t* (*get_pcrs)(pts_t *this);

	/**
	 * Computes digest of the constructed TPM Quote Info structure
	 *
	 * The verifier rebuilds the expected quote info from its own shadow
	 * PCR set (get_pcrs) and the peer-supplied quote_info; the resulting
	 * encoding is what the quote signature must cover.
	 *
	 * @param quote_info	TPM Quote Info as received from IMC
	 * @param quoted		Encoding of TPM Quote Info
	 * @return				FALSE in case of any error, TRUE otherwise
	 */
	bool (*get_quote)(pts_t *this, tpm_tss_quote_info_t *quote_info,
					  chunk_t *quoted);

	/**
	 * Verifies the PCR Quote Signature received from the IMC against the
	 * locally computed TPM Quote Digest
	 *
	 * @param digest_alg	Hash algorithm used for TPM Quote Digest
	 * @param digest		Calculated TPM Quote Digest
	 * @param signature		TPM Quote Signature received from IMC
	 * @return				TRUE only if the signature verifies (presumably
	 *						under the AIK set via set_aik -- confirm);
	 *						FALSE otherwise
	 */
	bool (*verify_quote_signature)(pts_t *this, hash_algorithm_t digest_alg,
								   chunk_t digest, chunk_t signature);

	/**
	 * Destroys a pts_t object.
	 */
	void (*destroy)(pts_t *this);

};
335:
/**
 * Creates an pts_t object
 *
 * @param is_imc		TRUE if running on an IMC (the attesting side),
 *						FALSE when running on an IMV (the verifying side)
 * @return				pts_t object, or NULL on failure; release it with
 *						its destroy() method
 */
pts_t* pts_create(bool is_imc);
342:
343: #endif /** PTS_H_ @}*/