Return to tpm_tss.h CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libtpmtss |
1.1 ! misho 1: /* ! 2: * Copyright (C) 2018 Tobias Brunner ! 3: * Copyright (C) 2016-2018 Andreas Steffen ! 4: * HSR Hochschule fuer Technik Rapperswil ! 5: * ! 6: * This program is free software; you can redistribute it and/or modify it ! 7: * under the terms of the GNU General Public License as published by the ! 8: * Free Software Foundation; either version 2 of the License, or (at your ! 9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. ! 10: * ! 11: * This program is distributed in the hope that it will be useful, but ! 12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ! 13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ! 14: * for more details. ! 15: */ ! 16: ! 17: /** ! 18: * @defgroup libtpmtss libtpmtss ! 19: * ! 20: * @addtogroup libtpmtss ! 21: * @{ ! 22: */ ! 23: ! 24: #ifndef TPM_TSS_H_ ! 25: #define TPM_TSS_H_ ! 26: ! 27: #include "tpm_tss_quote_info.h" ! 28: ! 29: #include <library.h> ! 30: #include <crypto/hashers/hasher.h> ! 31: ! 32: typedef enum tpm_version_t tpm_version_t; ! 33: typedef struct tpm_tss_t tpm_tss_t; ! 34: ! 35: /** ! 36: * TPM Versions ! 37: */ ! 38: enum tpm_version_t { ! 39: TPM_VERSION_ANY, ! 40: TPM_VERSION_1_2, ! 41: TPM_VERSION_2_0, ! 42: }; ! 43: ! 44: /** ! 45: * TPM access via TSS public interface ! 46: */ ! 47: struct tpm_tss_t { ! 48: ! 49: /** ! 50: * Get TPM version supported by TSS ! 51: * ! 52: * @return TPM version ! 53: */ ! 54: tpm_version_t (*get_version)(tpm_tss_t *this); ! 55: ! 56: /** ! 57: * Get TPM version info (TPM 1.2 only) ! 58: * ! 59: * @return TPM version info struct ! 60: */ ! 61: chunk_t (*get_version_info)(tpm_tss_t *this); ! 62: ! 63: /** ! 64: * Generate AIK key pair bound to TPM (TPM 1.2 only) ! 65: * ! 66: * @param ca_modulus RSA modulus of CA public key ! 67: * @param aik_blob AIK private key blob ! 68: * @param aik_pubkey AIK public key ! 69: * @return TRUE if AIK key generation succeeded ! 70: */ ! 71: bool (*generate_aik)(tpm_tss_t *this, chunk_t ca_modulus, ! 72: chunk_t *aik_blob, chunk_t *aik_pubkey, ! 73: chunk_t *identity_req); ! 74: ! 75: /** ! 76: * Get public key from TPM using its object handle (TPM 2.0 only) ! 77: * ! 78: * @param handle key object handle ! 79: * @return public key in PKCS#1 format ! 80: */ ! 81: chunk_t (*get_public)(tpm_tss_t *this, uint32_t handle); ! 82: ! 83: /** ! 84: * Return signature schemes supported by the given key (TPM 2.0 only) ! 85: * ! 86: * @param handle key object handle ! 87: * @return enumerator over signature_params_t* ! 88: */ ! 89: enumerator_t *(*supported_signature_schemes)(tpm_tss_t *this, ! 90: uint32_t handle); ! 91: ! 92: /** ! 93: * Retrieve the current value of a PCR register in a given PCR bank ! 94: * ! 95: * @param pcr_num PCR number ! 96: * @param pcr_value PCR value returned ! 97: * @param alg hash algorithm, selects PCR bank (TPM 2.0 only) ! 98: * @return TRUE if PCR value retrieval succeeded ! 99: */ ! 100: bool (*read_pcr)(tpm_tss_t *this, uint32_t pcr_num, chunk_t *pcr_value, ! 101: hash_algorithm_t alg); ! 102: ! 103: /** ! 104: * Extend a PCR register in a given PCR bank with a hash value ! 105: * ! 106: * @param pcr_num PCR number ! 107: * @param pcr_value extended PCR value returned ! 108: * @param hash data to be extended into the PCR ! 109: * @param alg hash algorithm, selects PCR bank (TPM 2.0 only) ! 110: * @return TRUE if PCR extension succeeded ! 111: */ ! 112: bool (*extend_pcr)(tpm_tss_t *this, uint32_t pcr_num, chunk_t *pcr_value, ! 113: chunk_t data, hash_algorithm_t alg); ! 114: ! 115: /** ! 116: * Do a quote signature over a selection of PCR registers ! 117: * ! 118: * @param aik_handle object handle of AIK to be used for quote signature ! 119: * @param pcr_sel selection of PCR registers ! 120: * @param alg hash algorithm to be used for quote signature ! 121: * @param data additional data to be hashed into the quote ! 122: * @param quote_mode define current and legacy TPM quote modes ! 123: * @param quote_info returns various info covered by quote signature ! 124: * @param quote_sig returns quote signature ! 125: * @return TRUE if quote signature succeeded ! 126: */ ! 127: bool (*quote)(tpm_tss_t *this, uint32_t aik_handle, uint32_t pcr_sel, ! 128: hash_algorithm_t alg, chunk_t data, ! 129: tpm_quote_mode_t *quote_mode, ! 130: tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig); ! 131: ! 132: /** ! 133: * Do a signature over a data hash using a TPM key handle (TPM 2.0 only) ! 134: * ! 135: * @param handle object handle of TPM key to be used for signature ! 136: * @param hierarchy hierarchy the TPM key object is attached to ! 137: * @param scheme scheme to be used for signature ! 138: * @param param signature scheme parameters ! 139: * @param data data to be hashed and signed ! 140: * @param pin PIN code or empty chunk ! 141: * @param signature returns signature ! 142: * @return TRUE if signature succeeded ! 143: */ ! 144: bool (*sign)(tpm_tss_t *this, uint32_t hierarchy, uint32_t handle, ! 145: signature_scheme_t scheme, void *params, chunk_t data, ! 146: chunk_t pin, chunk_t *signature); ! 147: ! 148: /** ! 149: * Get random bytes from the TPM ! 150: * ! 151: * @param bytes number of random bytes requested ! 152: * @param buffer buffer where the random bytes are written into ! 153: * @return TRUE if random bytes could be delivered ! 154: */ ! 155: bool (*get_random)(tpm_tss_t *this, size_t bytes, uint8_t *buffer); ! 156: ! 157: /** ! 158: * Get a data blob from TPM NV store using its object handle (TPM 2.0 only) ! 159: * ! 160: * @param handle object handle of TPM key to be used for signature ! 161: * @param hierarchy hierarchy the TPM key object is attached to ! 162: * @param pin PIN code or empty chunk ! 163: * @param data returns data blob ! 164: * @return TRUE if data retrieval succeeded ! 165: */ ! 166: bool (*get_data)(tpm_tss_t *this, uint32_t hierarchy, uint32_t handle, ! 167: chunk_t pin, chunk_t *data); ! 168: ! 169: /** ! 170: * Destroy a tpm_tss_t. ! 171: */ ! 172: void (*destroy)(tpm_tss_t *this); ! 173: }; ! 174: ! 175: /** ! 176: * Create a tpm_tss instance. ! 177: * ! 178: * @param version TPM version that must be supported by TSS ! 179: */ ! 180: tpm_tss_t *tpm_tss_probe(tpm_version_t version); ! 181: ! 182: /** ! 183: * libtpmtss initialization function ! 184: * ! 185: * @return TRUE if initialization was successful ! 186: */ ! 187: bool libtpmtss_init(void); ! 188: ! 189: /** ! 190: * libtpmtss de-initialization function ! 191: */ ! 192: void libtpmtss_deinit(void); ! 193: ! 194: #endif /** TPM_TSS_H_ @}*/