Annotation of embedaddon/strongswan/src/libtpmtss/tpm_tss.h, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2018 Tobias Brunner
! 3: * Copyright (C) 2016-2018 Andreas Steffen
! 4: * HSR Hochschule fuer Technik Rapperswil
! 5: *
! 6: * This program is free software; you can redistribute it and/or modify it
! 7: * under the terms of the GNU General Public License as published by the
! 8: * Free Software Foundation; either version 2 of the License, or (at your
! 9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 10: *
! 11: * This program is distributed in the hope that it will be useful, but
! 12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 14: * for more details.
! 15: */
! 16:
! 17: /**
! 18: * @defgroup libtpmtss libtpmtss
! 19: *
! 20: * @addtogroup libtpmtss
! 21: * @{
! 22: */
! 23:
! 24: #ifndef TPM_TSS_H_
! 25: #define TPM_TSS_H_
! 26:
! 27: #include "tpm_tss_quote_info.h"
! 28:
! 29: #include <library.h>
! 30: #include <crypto/hashers/hasher.h>
! 31:
! 32: typedef enum tpm_version_t tpm_version_t;
! 33: typedef struct tpm_tss_t tpm_tss_t;
! 34:
! 35: /**
! 36: * TPM Versions
! 37: */
! 38: enum tpm_version_t {
! 39: TPM_VERSION_ANY,
! 40: TPM_VERSION_1_2,
! 41: TPM_VERSION_2_0,
! 42: };
! 43:
! 44: /**
! 45: * TPM access via TSS public interface
! 46: */
! 47: struct tpm_tss_t {
! 48:
! 49: /**
! 50: * Get TPM version supported by TSS
! 51: *
! 52: * @return TPM version
! 53: */
! 54: tpm_version_t (*get_version)(tpm_tss_t *this);
! 55:
! 56: /**
! 57: * Get TPM version info (TPM 1.2 only)
! 58: *
! 59: * @return TPM version info struct
! 60: */
! 61: chunk_t (*get_version_info)(tpm_tss_t *this);
! 62:
! 63: /**
! 64: * Generate AIK key pair bound to TPM (TPM 1.2 only)
! 65: *
! 66: * @param ca_modulus RSA modulus of CA public key
! 67: * @param aik_blob AIK private key blob
! 68: * @param aik_pubkey AIK public key
! 69: * @return TRUE if AIK key generation succeeded
! 70: */
! 71: bool (*generate_aik)(tpm_tss_t *this, chunk_t ca_modulus,
! 72: chunk_t *aik_blob, chunk_t *aik_pubkey,
! 73: chunk_t *identity_req);
! 74:
! 75: /**
! 76: * Get public key from TPM using its object handle (TPM 2.0 only)
! 77: *
! 78: * @param handle key object handle
! 79: * @return public key in PKCS#1 format
! 80: */
! 81: chunk_t (*get_public)(tpm_tss_t *this, uint32_t handle);
! 82:
! 83: /**
! 84: * Return signature schemes supported by the given key (TPM 2.0 only)
! 85: *
! 86: * @param handle key object handle
! 87: * @return enumerator over signature_params_t*
! 88: */
! 89: enumerator_t *(*supported_signature_schemes)(tpm_tss_t *this,
! 90: uint32_t handle);
! 91:
! 92: /**
! 93: * Retrieve the current value of a PCR register in a given PCR bank
! 94: *
! 95: * @param pcr_num PCR number
! 96: * @param pcr_value PCR value returned
! 97: * @param alg hash algorithm, selects PCR bank (TPM 2.0 only)
! 98: * @return TRUE if PCR value retrieval succeeded
! 99: */
! 100: bool (*read_pcr)(tpm_tss_t *this, uint32_t pcr_num, chunk_t *pcr_value,
! 101: hash_algorithm_t alg);
! 102:
! 103: /**
! 104: * Extend a PCR register in a given PCR bank with a hash value
! 105: *
! 106: * @param pcr_num PCR number
! 107: * @param pcr_value extended PCR value returned
! 108: * @param hash data to be extended into the PCR
! 109: * @param alg hash algorithm, selects PCR bank (TPM 2.0 only)
! 110: * @return TRUE if PCR extension succeeded
! 111: */
! 112: bool (*extend_pcr)(tpm_tss_t *this, uint32_t pcr_num, chunk_t *pcr_value,
! 113: chunk_t data, hash_algorithm_t alg);
! 114:
! 115: /**
! 116: * Do a quote signature over a selection of PCR registers
! 117: *
! 118: * @param aik_handle object handle of AIK to be used for quote signature
! 119: * @param pcr_sel selection of PCR registers
! 120: * @param alg hash algorithm to be used for quote signature
! 121: * @param data additional data to be hashed into the quote
! 122: * @param quote_mode define current and legacy TPM quote modes
! 123: * @param quote_info returns various info covered by quote signature
! 124: * @param quote_sig returns quote signature
! 125: * @return TRUE if quote signature succeeded
! 126: */
! 127: bool (*quote)(tpm_tss_t *this, uint32_t aik_handle, uint32_t pcr_sel,
! 128: hash_algorithm_t alg, chunk_t data,
! 129: tpm_quote_mode_t *quote_mode,
! 130: tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig);
! 131:
! 132: /**
! 133: * Do a signature over a data hash using a TPM key handle (TPM 2.0 only)
! 134: *
! 135: * @param handle object handle of TPM key to be used for signature
! 136: * @param hierarchy hierarchy the TPM key object is attached to
! 137: * @param scheme scheme to be used for signature
! 138: * @param param signature scheme parameters
! 139: * @param data data to be hashed and signed
! 140: * @param pin PIN code or empty chunk
! 141: * @param signature returns signature
! 142: * @return TRUE if signature succeeded
! 143: */
! 144: bool (*sign)(tpm_tss_t *this, uint32_t hierarchy, uint32_t handle,
! 145: signature_scheme_t scheme, void *params, chunk_t data,
! 146: chunk_t pin, chunk_t *signature);
! 147:
! 148: /**
! 149: * Get random bytes from the TPM
! 150: *
! 151: * @param bytes number of random bytes requested
! 152: * @param buffer buffer where the random bytes are written into
! 153: * @return TRUE if random bytes could be delivered
! 154: */
! 155: bool (*get_random)(tpm_tss_t *this, size_t bytes, uint8_t *buffer);
! 156:
! 157: /**
! 158: * Get a data blob from TPM NV store using its object handle (TPM 2.0 only)
! 159: *
! 160: * @param handle object handle of TPM key to be used for signature
! 161: * @param hierarchy hierarchy the TPM key object is attached to
! 162: * @param pin PIN code or empty chunk
! 163: * @param data returns data blob
! 164: * @return TRUE if data retrieval succeeded
! 165: */
! 166: bool (*get_data)(tpm_tss_t *this, uint32_t hierarchy, uint32_t handle,
! 167: chunk_t pin, chunk_t *data);
! 168:
! 169: /**
! 170: * Destroy a tpm_tss_t.
! 171: */
! 172: void (*destroy)(tpm_tss_t *this);
! 173: };
! 174:
! 175: /**
! 176: * Create a tpm_tss instance.
! 177: *
! 178: * @param version TPM version that must be supported by TSS
! 179: */
! 180: tpm_tss_t *tpm_tss_probe(tpm_version_t version);
! 181:
! 182: /**
! 183: * libtpmtss initialization function
! 184: *
! 185: * @return TRUE if initialization was successful
! 186: */
! 187: bool libtpmtss_init(void);
! 188:
! 189: /**
! 190: * libtpmtss de-initialization function
! 191: */
! 192: void libtpmtss_deinit(void);
! 193:
! 194: #endif /** TPM_TSS_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to tpm_tss.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libtpmtss