[thirdparty/strongswan.git] / src / libtpmtss / tpm_tss.h

/*
 * Copyright (C) 2016 Andreas Steffen
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup tpm_tss tpm_tss
 * @{ @ingroup libtpmtss
 */

#ifndef TPM_TSS_H_
#define TPM_TSS_H_

#include <library.h>

typedef enum tpm_version_t tpm_version_t;
typedef enum tpm_quote_mode_t tpm_quote_mode_t;
typedef struct tpm_tss_t tpm_tss_t;

/**
 * TPM Versions
 */
enum tpm_version_t {
	TPM_VERSION_ANY,
	TPM_VERSION_1_2,
	TPM_VERSION_2_0,
};

/**
 * TPM Quote Modes
 */
enum tpm_quote_mode_t {
	TPM_QUOTE,
	TPM_QUOTE2,
	TPM_QUOTE2_VERSION_INFO
};

/**
 * TPM access via TSS public interface
 */
struct tpm_tss_t {

	/**
	 * Get TPM version supported by TSS
	 *
	 * @return		TPM version
	 */
	tpm_version_t (*get_version)(tpm_tss_t *this);

	/**
	 * Get TPM version info (TPM 1.2 only)
	 *
	 * @return			TPM version info struct
	 */
	chunk_t (*get_version_info)(tpm_tss_t *this);

	/**
	 * Generate AIK key pair bound to TPM (TPM 1.2 only)
	 *
	 * @param ca_modulus	RSA modulus of CA public key
	 * @param aik_blob		AIK private key blob
	 * @param aik_pubkey	AIK public key
	 * @return				TRUE if AIK key generation succeeded
	 */
	bool (*generate_aik)(tpm_tss_t *this, chunk_t ca_modulus,
						 chunk_t *aik_blob, chunk_t *aik_pubkey,
						 chunk_t *identity_req);

	/**
	 * Get public key from TPM using its object handle (TPM 2.0 only)
	 *
	 * @param handle	key object handle
	 * @return			public key in PKCS#1 format
	 */
	chunk_t (*get_public)(tpm_tss_t *this, uint32_t handle);

	/**
	 * Retrieve the current value of a PCR register in a given PCR bank
	 *
	 * @param pcr_num		PCR number
	 * @param pcr_value		PCR value returned
	 * @param alg			hash algorithm, selects PCR bank (TPM 2.0 only)
	 * @return				TRUE if PCR value retrieval succeeded
	 */
	bool (*read_pcr)(tpm_tss_t *this, uint32_t pcr_num, chunk_t *pcr_value,
					 hash_algorithm_t alg);

	/**
	 * Extend a PCR register in a given PCR bank with a hash value
	 *
	 * @param pcr_num		PCR number
	 * @param pcr_value		extended PCR value returned
	 * @param hash			data to be extended into the PCR
	 * @param alg			hash algorithm, selects PCR bank (TPM 2.0 only)
	 * @return				TRUE if PCR extension succeeded
	 */
	bool (*extend_pcr)(tpm_tss_t *this, uint32_t pcr_num, chunk_t *pcr_value,
					   chunk_t data, hash_algorithm_t alg);

	/**
	 * Do a quote signature over a selection of PCR registers
	 *
	 * @param aik_handle	object handle of AIK to be used for quote signature
	 * @param pcr_sel		selection of PCR registers
	 * @param alg			hash algorithm to be used for quote signature
	 * @param data			additional data to be hashed into the quote
	 * @param mode			define current and legacy TPM quote modes
	 * @param pcr_comp		returns hash of PCR composite
	 * @param sig			returns quote signature
	 * @return				TRUE if quote signature succeeded
	 */
	bool (*quote)(tpm_tss_t *this, uint32_t aik_handle, uint32_t pcr_sel,
				  hash_algorithm_t alg, chunk_t data, tpm_quote_mode_t mode,
				  chunk_t *pcr_comp, chunk_t *quote_sig);

	/**
	 * Destroy a tpm_tss_t.
	 */
	void (*destroy)(tpm_tss_t *this);
};

/**
 * Create a tpm_tss instance.
 *
 * @param version	TPM version that must be supported by TSS
 */
tpm_tss_t *tpm_tss_probe(tpm_version_t version);

#endif /** TPM_TSS_H_ @}*/
Commit	Line	Data
c08753bd AS	1	/*
	2	* Copyright (C) 2016 Andreas Steffen
	3	* HSR Hochschule fuer Technik Rapperswil
	4	*
	5	* This program is free software; you can redistribute it and/or modify it
	6	* under the terms of the GNU General Public License as published by the
	7	* Free Software Foundation; either version 2 of the License, or (at your
	8	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	9	*
	10	* This program is distributed in the hope that it will be useful, but
	11	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	12	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	13	* for more details.
	14	*/
	15
	16	/**
	17	* @defgroup tpm_tss tpm_tss
	18	* @{ @ingroup libtpmtss
	19	*/
	20
	21	#ifndef TPM_TSS_H_
	22	#define TPM_TSS_H_
	23
	24	#include <library.h>
	25
	26	typedef enum tpm_version_t tpm_version_t;
30d4989a	27	typedef enum tpm_quote_mode_t tpm_quote_mode_t;
c08753bd AS	28	typedef struct tpm_tss_t tpm_tss_t;
	29
	30	/**
	31	* TPM Versions
	32	*/
	33	enum tpm_version_t {
	34	TPM_VERSION_ANY,
	35	TPM_VERSION_1_2,
	36	TPM_VERSION_2_0,
	37	};
	38
30d4989a AS	39	/**
	40	* TPM Quote Modes
	41	*/
	42	enum tpm_quote_mode_t {
	43	TPM_QUOTE,
	44	TPM_QUOTE2,
	45	TPM_QUOTE2_VERSION_INFO
	46	};
	47
c08753bd AS	48	/**
	49	* TPM access via TSS public interface
	50	*/
	51	struct tpm_tss_t {
	52
	53	/**
	54	* Get TPM version supported by TSS
	55	*
	56	* @return TPM version
	57	*/
	58	tpm_version_t (get_version)(tpm_tss_t this);
	59
fedc6769 AS	60	/**
	61	* Get TPM version info (TPM 1.2 only)
	62	*
	63	* @return TPM version info struct
	64	*/
	65	chunk_t (get_version_info)(tpm_tss_t this);
	66
c08753bd AS	67	/**
	68	* Generate AIK key pair bound to TPM (TPM 1.2 only)
	69	*
	70	* @param ca_modulus RSA modulus of CA public key
	71	* @param aik_blob AIK private key blob
	72	* @param aik_pubkey AIK public key
	73	* @return TRUE if AIK key generation succeeded
	74	*/
	75	bool (generate_aik)(tpm_tss_t this, chunk_t ca_modulus,
	76	chunk_t aik_blob, chunk_t aik_pubkey,
	77	chunk_t *identity_req);
	78
	79	/**
	80	* Get public key from TPM using its object handle (TPM 2.0 only)
	81	*
	82	* @param handle key object handle
	83	* @return public key in PKCS#1 format
	84	*/
	85	chunk_t (get_public)(tpm_tss_t this, uint32_t handle);
	86
30d4989a AS	87	/**
	88	* Retrieve the current value of a PCR register in a given PCR bank
	89	*
	90	* @param pcr_num PCR number
	91	* @param pcr_value PCR value returned
	92	* @param alg hash algorithm, selects PCR bank (TPM 2.0 only)
	93	* @return TRUE if PCR value retrieval succeeded
	94	*/
	95	bool (read_pcr)(tpm_tss_t this, uint32_t pcr_num, chunk_t *pcr_value,
	96	hash_algorithm_t alg);
	97
	98	/**
	99	* Extend a PCR register in a given PCR bank with a hash value
	100	*
	101	* @param pcr_num PCR number
	102	* @param pcr_value extended PCR value returned
	103	* @param hash data to be extended into the PCR
	104	* @param alg hash algorithm, selects PCR bank (TPM 2.0 only)
	105	* @return TRUE if PCR extension succeeded
	106	*/
	107	bool (extend_pcr)(tpm_tss_t this, uint32_t pcr_num, chunk_t *pcr_value,
	108	chunk_t data, hash_algorithm_t alg);
	109
	110	/**
	111	* Do a quote signature over a selection of PCR registers
	112	*
	113	* @param aik_handle object handle of AIK to be used for quote signature
	114	* @param pcr_sel selection of PCR registers
	115	* @param alg hash algorithm to be used for quote signature
	116	* @param data additional data to be hashed into the quote
	117	* @param mode define current and legacy TPM quote modes
	118	* @param pcr_comp returns hash of PCR composite
	119	* @param sig returns quote signature
	120	* @return TRUE if quote signature succeeded
	121	*/
	122	bool (quote)(tpm_tss_t this, uint32_t aik_handle, uint32_t pcr_sel,
	123	hash_algorithm_t alg, chunk_t data, tpm_quote_mode_t mode,
	124	chunk_t pcr_comp, chunk_t quote_sig);
	125
c08753bd AS	126	/**
	127	* Destroy a tpm_tss_t.
	128	*/
	129	void (destroy)(tpm_tss_t this);
	130	};
	131
	132	/**
	133	* Create a tpm_tss instance.
	134	*
	135	* @param version TPM version that must be supported by TSS
	136	*/
	137	tpm_tss_t *tpm_tss_probe(tpm_version_t version);
	138
	139	#endif /** TPM_TSS_H_ @}*/