1: /*
2: * Copyright (C) 2018 Tobias Brunner
3: * Copyright (C) 2016-2020 Andreas Steffen
4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: /**
18: * @defgroup libtpmtss libtpmtss
19: *
20: * @addtogroup libtpmtss
21: * @{
22: */
23:
24: #ifndef TPM_TSS_H_
25: #define TPM_TSS_H_
26:
27: #include "tpm_tss_quote_info.h"
28:
29: #include <library.h>
30: #include <crypto/hashers/hasher.h>
31:
32: typedef enum tpm_version_t tpm_version_t;
33: typedef struct tpm_tss_t tpm_tss_t;
34:
35: /**
36: * TPM Versions
37: */
38: enum tpm_version_t {
39: TPM_VERSION_ANY,
40: TPM_VERSION_1_2,
41: TPM_VERSION_2_0,
42: };
43:
44: /**
45: * TPM access via TSS public interface
46: */
47: struct tpm_tss_t {
48:
49: /**
50: * Get TPM version supported by TSS
51: *
52: * @return TPM version
53: */
54: tpm_version_t (*get_version)(tpm_tss_t *this);
55:
56: /**
57: * Get TPM version info (TPM 1.2 only)
58: *
59: * @return TPM version info struct
60: */
61: chunk_t (*get_version_info)(tpm_tss_t *this);
62:
63: /**
64: * Generate AIK key pair bound to TPM (TPM 1.2 only)
65: *
66: * @param ca_modulus RSA modulus of CA public key
67: * @param aik_blob AIK private key blob
68: * @param aik_pubkey AIK public key
69: * @return TRUE if AIK key generation succeeded
70: */
71: bool (*generate_aik)(tpm_tss_t *this, chunk_t ca_modulus,
72: chunk_t *aik_blob, chunk_t *aik_pubkey,
73: chunk_t *identity_req);
74:
75: /**
76: * Get public key from TPM using its object handle (TPM 2.0 only)
77: *
78: * @param handle key object handle
79: * @return public key in PKCS#1 format
80: */
81: chunk_t (*get_public)(tpm_tss_t *this, uint32_t handle);
82:
83: /**
84: * Return signature schemes supported by the given key (TPM 2.0 only)
85: *
86: * @param handle key object handle
87: * @return enumerator over signature_params_t*
88: */
89: enumerator_t *(*supported_signature_schemes)(tpm_tss_t *this,
90: uint32_t handle);
91:
92: /**
93: * Check if there is an assigned PCR bank for the given hash algorithm
94: *
95: * @param alg hash algorithm
96: * @return TRUE if a PCR bank for this algorithm exists
97: */
98: bool (*has_pcr_bank)(tpm_tss_t *this, hash_algorithm_t alg);
99:
100: /**
101: * Retrieve the current value of a PCR register in a given PCR bank
102: *
103: * @param pcr_num PCR number
104: * @param pcr_value PCR value returned
105: * @param alg hash algorithm, selects PCR bank (TPM 2.0 only)
106: * @return TRUE if PCR value retrieval succeeded
107: */
108: bool (*read_pcr)(tpm_tss_t *this, uint32_t pcr_num, chunk_t *pcr_value,
109: hash_algorithm_t alg);
110:
111: /**
112: * Extend a PCR register in a given PCR bank with a hash value
113: *
114: * @param pcr_num PCR number
115: * @param pcr_value extended PCR value returned
116: * @param hash data to be extended into the PCR
117: * @param alg hash algorithm, selects PCR bank (TPM 2.0 only)
118: * @return TRUE if PCR extension succeeded
119: */
120: bool (*extend_pcr)(tpm_tss_t *this, uint32_t pcr_num, chunk_t *pcr_value,
121: chunk_t data, hash_algorithm_t alg);
122:
123: /**
124: * Do a quote signature over a selection of PCR registers
125: *
126: * @param aik_handle object handle of AIK to be used for quote signature
127: * @param pcr_sel selection of PCR registers
128: * @param alg hash algorithm to be used for quote signature
129: * @param data additional data to be hashed into the quote
130: * @param quote_mode define current and legacy TPM quote modes
131: * @param quote_info returns various info covered by quote signature
132: * @param quote_sig returns quote signature
133: * @return TRUE if quote signature succeeded
134: */
135: bool (*quote)(tpm_tss_t *this, uint32_t aik_handle, uint32_t pcr_sel,
136: hash_algorithm_t alg, chunk_t data,
137: tpm_quote_mode_t *quote_mode,
138: tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig);
139:
140: /**
141: * Do a signature over a data hash using a TPM key handle (TPM 2.0 only)
142: *
143: * @param handle object handle of TPM key to be used for signature
144: * @param hierarchy hierarchy the TPM key object is attached to
145: * @param scheme scheme to be used for signature
146: * @param param signature scheme parameters
147: * @param data data to be hashed and signed
148: * @param pin PIN code or empty chunk
149: * @param signature returns signature
150: * @return TRUE if signature succeeded
151: */
152: bool (*sign)(tpm_tss_t *this, uint32_t hierarchy, uint32_t handle,
153: signature_scheme_t scheme, void *params, chunk_t data,
154: chunk_t pin, chunk_t *signature);
155:
156: /**
157: * Get random bytes from the TPM
158: *
159: * @param bytes number of random bytes requested
160: * @param buffer buffer where the random bytes are written into
161: * @return TRUE if random bytes could be delivered
162: */
163: bool (*get_random)(tpm_tss_t *this, size_t bytes, uint8_t *buffer);
164:
165: /**
166: * Get a data blob from TPM NV store using its object handle (TPM 2.0 only)
167: *
168: * @param handle object handle of TPM key to be used for signature
169: * @param hierarchy hierarchy the TPM key object is attached to
170: * @param pin PIN code or empty chunk
171: * @param data returns data blob
172: * @return TRUE if data retrieval succeeded
173: */
174: bool (*get_data)(tpm_tss_t *this, uint32_t hierarchy, uint32_t handle,
175: chunk_t pin, chunk_t *data);
176:
177: /**
178: * Get an event digest from a TPM measurement log
179: *
180: * @param fd file descriptor of the measurement log
181: * @param hash hash algorithm of the digest to be extracted
182: * @param digest allocated chunk_t containing event digest
183: * @return TRUE if event digest was successfully extracted
184: */
185: bool (*get_event_digest)(tpm_tss_t *this, int fd, hash_algorithm_t alg,
186: chunk_t *digest);
187:
188: /**
189: * Destroy a tpm_tss_t.
190: */
191: void (*destroy)(tpm_tss_t *this);
192: };
193:
194: /**
195: * Create a tpm_tss instance.
196: *
197: * @param version TPM version that must be supported by TSS
198: */
199: tpm_tss_t *tpm_tss_probe(tpm_version_t version);
200:
201: /**
202: * libtpmtss initialization function
203: *
204: * @return TRUE if initialization was successful
205: */
206: bool libtpmtss_init(void);
207:
208: /**
209: * libtpmtss de-initialization function
210: */
211: void libtpmtss_deinit(void);
212:
213: #endif /** TPM_TSS_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to tpm_tss.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libtpmtss