[thirdparty/strongswan.git] / src / libtpmtss / tpm_tss.h

/*
 * Copyright (C) 2016 Andreas Steffen
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup libtpmtss libtpmtss
 *
 * @addtogroup libtpmtss
 * @{
 */

#ifndef TPM_TSS_H_
#define TPM_TSS_H_

#include "tpm_tss_quote_info.h"

#include <library.h>
#include <crypto/hashers/hasher.h>

typedef enum tpm_version_t tpm_version_t;
typedef struct tpm_tss_t tpm_tss_t;

/**
 * TPM Versions
 */
enum tpm_version_t {
	TPM_VERSION_ANY,
	TPM_VERSION_1_2,
	TPM_VERSION_2_0,
};

/**
 * TPM access via TSS public interface
 */
struct tpm_tss_t {

	/**
	 * Get TPM version supported by TSS
	 *
	 * @return		TPM version
	 */
	tpm_version_t (*get_version)(tpm_tss_t *this);

	/**
	 * Get TPM version info (TPM 1.2 only)
	 *
	 * @return			TPM version info struct
	 */
	chunk_t (*get_version_info)(tpm_tss_t *this);

	/**
	 * Generate AIK key pair bound to TPM (TPM 1.2 only)
	 *
	 * @param ca_modulus	RSA modulus of CA public key
	 * @param aik_blob		AIK private key blob
	 * @param aik_pubkey	AIK public key
	 * @return				TRUE if AIK key generation succeeded
	 */
	bool (*generate_aik)(tpm_tss_t *this, chunk_t ca_modulus,
						 chunk_t *aik_blob, chunk_t *aik_pubkey,
						 chunk_t *identity_req);

	/**
	 * Get public key from TPM using its object handle (TPM 2.0 only)
	 *
	 * @param handle	key object handle
	 * @return			public key in PKCS#1 format
	 */
	chunk_t (*get_public)(tpm_tss_t *this, uint32_t handle);

	/**
	 * Retrieve the current value of a PCR register in a given PCR bank
	 *
	 * @param pcr_num		PCR number
	 * @param pcr_value		PCR value returned
	 * @param alg			hash algorithm, selects PCR bank (TPM 2.0 only)
	 * @return				TRUE if PCR value retrieval succeeded
	 */
	bool (*read_pcr)(tpm_tss_t *this, uint32_t pcr_num, chunk_t *pcr_value,
					 hash_algorithm_t alg);

	/**
	 * Extend a PCR register in a given PCR bank with a hash value
	 *
	 * @param pcr_num		PCR number
	 * @param pcr_value		extended PCR value returned
	 * @param hash			data to be extended into the PCR
	 * @param alg			hash algorithm, selects PCR bank (TPM 2.0 only)
	 * @return				TRUE if PCR extension succeeded
	 */
	bool (*extend_pcr)(tpm_tss_t *this, uint32_t pcr_num, chunk_t *pcr_value,
					   chunk_t data, hash_algorithm_t alg);

	/**
	 * Do a quote signature over a selection of PCR registers
	 *
	 * @param aik_handle	object handle of AIK to be used for quote signature
	 * @param pcr_sel		selection of PCR registers
	 * @param alg			hash algorithm to be used for quote signature
	 * @param data			additional data to be hashed into the quote
	 * @param quote_mode	define current and legacy TPM quote modes
	 * @param quote_info	returns various info covered by quote signature
	 * @param quote_sig		returns quote signature
	 * @return				TRUE if quote signature succeeded
	 */
	bool (*quote)(tpm_tss_t *this, uint32_t aik_handle, uint32_t pcr_sel,
				  hash_algorithm_t alg, chunk_t data,
				  tpm_quote_mode_t *quote_mode,
				  tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig);

	/**
	 * Do a signature over a data hash using a TPM key handle (TPM 2.0 only)
	 *
	 * @param handle		object handle of TPM key to be used for signature
	 * @param hierarchy		hierarchy the TPM key object is attached to
	 * @param scheme		scheme to be used for signature
	 * @param data			data to be hashed and signed
	 * @param pin			PIN code or empty chunk
	 * @param signature		returns signature
	 * @return				TRUE if signature succeeded
	 */
	bool (*sign)(tpm_tss_t *this, uint32_t hierarchy, uint32_t handle,
				 signature_scheme_t scheme, chunk_t data, chunk_t pin,
				 chunk_t *signature);

	/**
	 * Get random bytes from the TPM
	 *
	 * @param bytes			number of random bytes requested
	 * @param buffer		buffer where the random bytes are written into
	 * @return				TRUE if random bytes could be delivered
	 */
	bool (*get_random)(tpm_tss_t *this, size_t bytes, uint8_t *buffer);

	/**
	 * Get a data blob from TPM NV store using its object handle (TPM 2.0 only)
	 *
	 * @param handle		object handle of TPM key to be used for signature
	 * @param hierarchy		hierarchy the TPM key object is attached to
	 * @param pin			PIN code or empty chunk
	 * @param data			returns data blob
	 * @return				TRUE if data retrieval succeeded
	 */
	bool (*get_data)(tpm_tss_t *this, uint32_t hierarchy, uint32_t handle,
					 chunk_t pin, chunk_t *data);

	/**
	 * Permanently load a private key into TPM NV storage (TPM 2.0 only)
	 *
	 * @param handle		object handle to be assigned to TPM key
	 * @param hierarchy		hierarchy the TPM key object is attached to
	 * @param pin			PIN code or empty chunk
	 * @param type			private key type
	 * @param encoding		private key encoding
	 * @return				TRUE if load succeeded
	 */
	bool (*load_key)(tpm_tss_t *this, uint32_t hierarchy, uint32_t handle,
					 chunk_t pin, key_type_t type, chunk_t encoding);

	/**
	 * Destroy a tpm_tss_t.
	 */
	void (*destroy)(tpm_tss_t *this);
};

/**
 * Create a tpm_tss instance.
 *
 * @param version	TPM version that must be supported by TSS
 */
tpm_tss_t *tpm_tss_probe(tpm_version_t version);

/**
 * Dummy libtpmtss initialization function needed for integrity test
 */
void libtpmtss_init(void);

#endif /** TPM_TSS_H_ @}*/
Commit	Line	Data
c08753bd AS	1	/*
	2	* Copyright (C) 2016 Andreas Steffen
	3	* HSR Hochschule fuer Technik Rapperswil
	4	*
	5	* This program is free software; you can redistribute it and/or modify it
	6	* under the terms of the GNU General Public License as published by the
	7	* Free Software Foundation; either version 2 of the License, or (at your
	8	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	9	*
	10	* This program is distributed in the hope that it will be useful, but
	11	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	12	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	13	* for more details.
	14	*/
	15
	16	/**
c05d4963 TB	17	* @defgroup libtpmtss libtpmtss
	18	*
	19	* @addtogroup libtpmtss
	20	* @{
c08753bd AS	21	*/
	22
	23	#ifndef TPM_TSS_H_
	24	#define TPM_TSS_H_
	25
721ed31b AS	26	#include "tpm_tss_quote_info.h"
721ed31b AS	27
c08753bd	28	#include <library.h>
721ed31b	29	#include <crypto/hashers/hasher.h>
c08753bd AS	30
	31	typedef enum tpm_version_t tpm_version_t;
	32	typedef struct tpm_tss_t tpm_tss_t;
	33
	34	/**
	35	* TPM Versions
	36	*/
	37	enum tpm_version_t {
	38	TPM_VERSION_ANY,
	39	TPM_VERSION_1_2,
	40	TPM_VERSION_2_0,
	41	};
	42
	43	/**
	44	* TPM access via TSS public interface
	45	*/
	46	struct tpm_tss_t {
	47
	48	/**
	49	* Get TPM version supported by TSS
	50	*
	51	* @return TPM version
	52	*/
	53	tpm_version_t (get_version)(tpm_tss_t this);
	54
fedc6769 AS	55	/**
	56	* Get TPM version info (TPM 1.2 only)
	57	*
	58	* @return TPM version info struct
	59	*/
	60	chunk_t (get_version_info)(tpm_tss_t this);
	61
c08753bd AS	62	/**
	63	* Generate AIK key pair bound to TPM (TPM 1.2 only)
	64	*
	65	* @param ca_modulus RSA modulus of CA public key
	66	* @param aik_blob AIK private key blob
	67	* @param aik_pubkey AIK public key
	68	* @return TRUE if AIK key generation succeeded
	69	*/
	70	bool (generate_aik)(tpm_tss_t this, chunk_t ca_modulus,
	71	chunk_t aik_blob, chunk_t aik_pubkey,
	72	chunk_t *identity_req);
	73
	74	/**
	75	* Get public key from TPM using its object handle (TPM 2.0 only)
	76	*
	77	* @param handle key object handle
	78	* @return public key in PKCS#1 format
	79	*/
	80	chunk_t (get_public)(tpm_tss_t this, uint32_t handle);
	81
30d4989a AS	82	/**
	83	* Retrieve the current value of a PCR register in a given PCR bank
	84	*
	85	* @param pcr_num PCR number
	86	* @param pcr_value PCR value returned
	87	* @param alg hash algorithm, selects PCR bank (TPM 2.0 only)
	88	* @return TRUE if PCR value retrieval succeeded
	89	*/
	90	bool (read_pcr)(tpm_tss_t this, uint32_t pcr_num, chunk_t *pcr_value,
	91	hash_algorithm_t alg);
	92
	93	/**
	94	* Extend a PCR register in a given PCR bank with a hash value
	95	*
	96	* @param pcr_num PCR number
	97	* @param pcr_value extended PCR value returned
	98	* @param hash data to be extended into the PCR
	99	* @param alg hash algorithm, selects PCR bank (TPM 2.0 only)
	100	* @return TRUE if PCR extension succeeded
	101	*/
	102	bool (extend_pcr)(tpm_tss_t this, uint32_t pcr_num, chunk_t *pcr_value,
	103	chunk_t data, hash_algorithm_t alg);
	104
	105	/**
	106	* Do a quote signature over a selection of PCR registers
	107	*
	108	* @param aik_handle object handle of AIK to be used for quote signature
	109	* @param pcr_sel selection of PCR registers
	110	* @param alg hash algorithm to be used for quote signature
	111	* @param data additional data to be hashed into the quote
721ed31b AS	112	* @param quote_mode define current and legacy TPM quote modes
	113	* @param quote_info returns various info covered by quote signature
	114	* @param quote_sig returns quote signature
30d4989a AS	115	* @return TRUE if quote signature succeeded
	116	*/
	117	bool (quote)(tpm_tss_t this, uint32_t aik_handle, uint32_t pcr_sel,
721ed31b AS	118	hash_algorithm_t alg, chunk_t data,
	119	tpm_quote_mode_t *quote_mode,
	120	tpm_tss_quote_info_t *quote_info, chunk_t quote_sig);
30d4989a	121
e8736028 AS	122	/**
	123	* Do a signature over a data hash using a TPM key handle (TPM 2.0 only)
	124	*
	125	* @param handle object handle of TPM key to be used for signature
	126	* @param hierarchy hierarchy the TPM key object is attached to
	127	* @param scheme scheme to be used for signature
	128	* @param data data to be hashed and signed
	129	* @param pin PIN code or empty chunk
	130	* @param signature returns signature
	131	* @return TRUE if signature succeeded
	132	*/
	133	bool (sign)(tpm_tss_t this, uint32_t hierarchy, uint32_t handle,
	134	signature_scheme_t scheme, chunk_t data, chunk_t pin,
	135	chunk_t *signature);
	136
2b233c8a AS	137	/**
	138	* Get random bytes from the TPM
	139	*
	140	* @param bytes number of random bytes requested
	141	* @param buffer buffer where the random bytes are written into
	142	* @return TRUE if random bytes could be delivered
	143	*/
	144	bool (get_random)(tpm_tss_t this, size_t bytes, uint8_t *buffer);
	145
e850d000 AS	146	/**
	147	* Get a data blob from TPM NV store using its object handle (TPM 2.0 only)
	148	*
	149	* @param handle object handle of TPM key to be used for signature
	150	* @param hierarchy hierarchy the TPM key object is attached to
	151	* @param pin PIN code or empty chunk
	152	* @param data returns data blob
	153	* @return TRUE if data retrieval succeeded
	154	*/
	155	bool (get_data)(tpm_tss_t this, uint32_t hierarchy, uint32_t handle,
	156	chunk_t pin, chunk_t *data);
	157
54cdf2cb AS	158	/**
	159	* Permanently load a private key into TPM NV storage (TPM 2.0 only)
	160	*
	161	* @param handle object handle to be assigned to TPM key
	162	* @param hierarchy hierarchy the TPM key object is attached to
	163	* @param pin PIN code or empty chunk
	164	* @param type private key type
	165	* @param encoding private key encoding
	166	* @return TRUE if load succeeded
	167	*/
	168	bool (load_key)(tpm_tss_t this, uint32_t hierarchy, uint32_t handle,
	169	chunk_t pin, key_type_t type, chunk_t encoding);
	170
c08753bd AS	171	/**
	172	* Destroy a tpm_tss_t.
	173	*/
	174	void (destroy)(tpm_tss_t this);
	175	};
	176
	177	/**
	178	* Create a tpm_tss instance.
	179	*
	180	* @param version TPM version that must be supported by TSS
	181	*/
	182	tpm_tss_t *tpm_tss_probe(tpm_version_t version);
	183
b0315936 AS	184	/**
	185	* Dummy libtpmtss initialization function needed for integrity test
	186	*/
	187	void libtpmtss_init(void);
	188
c08753bd	189	#endif /** TPM_TSS_H_ @}*/