Annotation of embedaddon/strongswan/src/libtpmtss/tpm_tss.h, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2018 Tobias Brunner
3: * Copyright (C) 2016-2018 Andreas Steffen
4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: /**
18: * @defgroup libtpmtss libtpmtss
19: *
20: * @addtogroup libtpmtss
21: * @{
22: */
23:
24: #ifndef TPM_TSS_H_
25: #define TPM_TSS_H_
26:
27: #include "tpm_tss_quote_info.h"
28:
29: #include <library.h>
30: #include <crypto/hashers/hasher.h>
31:
32: typedef enum tpm_version_t tpm_version_t;
33: typedef struct tpm_tss_t tpm_tss_t;
34:
35: /**
36: * TPM Versions
37: */
38: enum tpm_version_t {
39: TPM_VERSION_ANY,
40: TPM_VERSION_1_2,
41: TPM_VERSION_2_0,
42: };
43:
44: /**
45: * TPM access via TSS public interface
46: */
47: struct tpm_tss_t {
48:
49: /**
50: * Get TPM version supported by TSS
51: *
52: * @return TPM version
53: */
54: tpm_version_t (*get_version)(tpm_tss_t *this);
55:
56: /**
57: * Get TPM version info (TPM 1.2 only)
58: *
59: * @return TPM version info struct
60: */
61: chunk_t (*get_version_info)(tpm_tss_t *this);
62:
63: /**
64: * Generate AIK key pair bound to TPM (TPM 1.2 only)
65: *
66: * @param ca_modulus RSA modulus of CA public key
67: * @param aik_blob AIK private key blob
68: * @param aik_pubkey AIK public key
69: * @return TRUE if AIK key generation succeeded
70: */
71: bool (*generate_aik)(tpm_tss_t *this, chunk_t ca_modulus,
72: chunk_t *aik_blob, chunk_t *aik_pubkey,
73: chunk_t *identity_req);
74:
75: /**
76: * Get public key from TPM using its object handle (TPM 2.0 only)
77: *
78: * @param handle key object handle
79: * @return public key in PKCS#1 format
80: */
81: chunk_t (*get_public)(tpm_tss_t *this, uint32_t handle);
82:
83: /**
84: * Return signature schemes supported by the given key (TPM 2.0 only)
85: *
86: * @param handle key object handle
87: * @return enumerator over signature_params_t*
88: */
89: enumerator_t *(*supported_signature_schemes)(tpm_tss_t *this,
90: uint32_t handle);
91:
92: /**
93: * Retrieve the current value of a PCR register in a given PCR bank
94: *
95: * @param pcr_num PCR number
96: * @param pcr_value PCR value returned
97: * @param alg hash algorithm, selects PCR bank (TPM 2.0 only)
98: * @return TRUE if PCR value retrieval succeeded
99: */
100: bool (*read_pcr)(tpm_tss_t *this, uint32_t pcr_num, chunk_t *pcr_value,
101: hash_algorithm_t alg);
102:
103: /**
104: * Extend a PCR register in a given PCR bank with a hash value
105: *
106: * @param pcr_num PCR number
107: * @param pcr_value extended PCR value returned
108: * @param hash data to be extended into the PCR
109: * @param alg hash algorithm, selects PCR bank (TPM 2.0 only)
110: * @return TRUE if PCR extension succeeded
111: */
112: bool (*extend_pcr)(tpm_tss_t *this, uint32_t pcr_num, chunk_t *pcr_value,
113: chunk_t data, hash_algorithm_t alg);
114:
115: /**
116: * Do a quote signature over a selection of PCR registers
117: *
118: * @param aik_handle object handle of AIK to be used for quote signature
119: * @param pcr_sel selection of PCR registers
120: * @param alg hash algorithm to be used for quote signature
121: * @param data additional data to be hashed into the quote
122: * @param quote_mode define current and legacy TPM quote modes
123: * @param quote_info returns various info covered by quote signature
124: * @param quote_sig returns quote signature
125: * @return TRUE if quote signature succeeded
126: */
127: bool (*quote)(tpm_tss_t *this, uint32_t aik_handle, uint32_t pcr_sel,
128: hash_algorithm_t alg, chunk_t data,
129: tpm_quote_mode_t *quote_mode,
130: tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig);
131:
132: /**
133: * Do a signature over a data hash using a TPM key handle (TPM 2.0 only)
134: *
135: * @param handle object handle of TPM key to be used for signature
136: * @param hierarchy hierarchy the TPM key object is attached to
137: * @param scheme scheme to be used for signature
138: * @param param signature scheme parameters
139: * @param data data to be hashed and signed
140: * @param pin PIN code or empty chunk
141: * @param signature returns signature
142: * @return TRUE if signature succeeded
143: */
144: bool (*sign)(tpm_tss_t *this, uint32_t hierarchy, uint32_t handle,
145: signature_scheme_t scheme, void *params, chunk_t data,
146: chunk_t pin, chunk_t *signature);
147:
148: /**
149: * Get random bytes from the TPM
150: *
151: * @param bytes number of random bytes requested
152: * @param buffer buffer where the random bytes are written into
153: * @return TRUE if random bytes could be delivered
154: */
155: bool (*get_random)(tpm_tss_t *this, size_t bytes, uint8_t *buffer);
156:
157: /**
158: * Get a data blob from TPM NV store using its object handle (TPM 2.0 only)
159: *
160: * @param handle object handle of TPM key to be used for signature
161: * @param hierarchy hierarchy the TPM key object is attached to
162: * @param pin PIN code or empty chunk
163: * @param data returns data blob
164: * @return TRUE if data retrieval succeeded
165: */
166: bool (*get_data)(tpm_tss_t *this, uint32_t hierarchy, uint32_t handle,
167: chunk_t pin, chunk_t *data);
168:
169: /**
170: * Destroy a tpm_tss_t.
171: */
172: void (*destroy)(tpm_tss_t *this);
173: };
174:
175: /**
176: * Create a tpm_tss instance.
177: *
178: * @param version TPM version that must be supported by TSS
179: */
180: tpm_tss_t *tpm_tss_probe(tpm_version_t version);
181:
182: /**
183: * libtpmtss initialization function
184: *
185: * @return TRUE if initialization was successful
186: */
187: bool libtpmtss_init(void);
188:
189: /**
190: * libtpmtss de-initialization function
191: */
192: void libtpmtss_deinit(void);
193:
194: #endif /** TPM_TSS_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to tpm_tss.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libtpmtss