1 | /* |
2 | * Copyright (C) 2016 Andreas Steffen | |
3 | * HSR Hochschule fuer Technik Rapperswil | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify it | |
6 | * under the terms of the GNU General Public License as published by the | |
7 | * Free Software Foundation; either version 2 of the License, or (at your | |
8 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
9 | * | |
10 | * This program is distributed in the hope that it will be useful, but | |
11 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
12 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
13 | * for more details. | |
14 | */ | |
15 | ||
16 | /** | |
17 | * @defgroup libtpmtss libtpmtss |
18 | * | |
19 | * @addtogroup libtpmtss | |
20 | * @{ | |
21 | */ |
22 | ||
23 | #ifndef TPM_TSS_H_ | |
24 | #define TPM_TSS_H_ | |
25 | ||
26 | #include "tpm_tss_quote_info.h" |
27 | ||
c08753bd | 28 | #include <library.h> |
721ed31b | 29 | #include <crypto/hashers/hasher.h> |
30 | |
31 | typedef enum tpm_version_t tpm_version_t; | |
32 | typedef struct tpm_tss_t tpm_tss_t; | |
33 | ||
34 | /** | |
35 | * TPM Versions | |
36 | */ | |
37 | enum tpm_version_t { | |
38 | TPM_VERSION_ANY, | |
39 | TPM_VERSION_1_2, | |
40 | TPM_VERSION_2_0, | |
41 | }; | |
42 | ||
43 | /** | |
44 | * TPM access via TSS public interface | |
45 | */ | |
46 | struct tpm_tss_t { | |
47 | ||
48 | /** | |
49 | * Get TPM version supported by TSS | |
50 | * | |
51 | * @return TPM version | |
52 | */ | |
53 | tpm_version_t (*get_version)(tpm_tss_t *this); | |
54 | ||
fedc6769 AS |
55 | /** |
56 | * Get TPM version info (TPM 1.2 only) | |
57 | * | |
58 | * @return TPM version info struct | |
59 | */ | |
60 | chunk_t (*get_version_info)(tpm_tss_t *this); | |
61 | ||
c08753bd AS |
62 | /** |
63 | * Generate AIK key pair bound to TPM (TPM 1.2 only) | |
64 | * | |
65 | * @param ca_modulus RSA modulus of CA public key | |
66 | * @param aik_blob AIK private key blob | |
67 | * @param aik_pubkey AIK public key | |
68 | * @return TRUE if AIK key generation succeeded | |
69 | */ | |
70 | bool (*generate_aik)(tpm_tss_t *this, chunk_t ca_modulus, | |
71 | chunk_t *aik_blob, chunk_t *aik_pubkey, | |
72 | chunk_t *identity_req); | |
73 | ||
74 | /** | |
75 | * Get public key from TPM using its object handle (TPM 2.0 only) | |
76 | * | |
77 | * @param handle key object handle | |
78 | * @return public key in PKCS#1 format | |
79 | */ | |
80 | chunk_t (*get_public)(tpm_tss_t *this, uint32_t handle); | |
81 | ||
30d4989a AS |
82 | /** |
83 | * Retrieve the current value of a PCR register in a given PCR bank | |
84 | * | |
85 | * @param pcr_num PCR number | |
86 | * @param pcr_value PCR value returned | |
87 | * @param alg hash algorithm, selects PCR bank (TPM 2.0 only) | |
88 | * @return TRUE if PCR value retrieval succeeded | |
89 | */ | |
90 | bool (*read_pcr)(tpm_tss_t *this, uint32_t pcr_num, chunk_t *pcr_value, | |
91 | hash_algorithm_t alg); | |
92 | ||
93 | /** | |
94 | * Extend a PCR register in a given PCR bank with a hash value | |
95 | * | |
96 | * @param pcr_num PCR number | |
97 | * @param pcr_value extended PCR value returned | |
98 | * @param hash data to be extended into the PCR | |
99 | * @param alg hash algorithm, selects PCR bank (TPM 2.0 only) | |
100 | * @return TRUE if PCR extension succeeded | |
101 | */ | |
102 | bool (*extend_pcr)(tpm_tss_t *this, uint32_t pcr_num, chunk_t *pcr_value, | |
103 | chunk_t data, hash_algorithm_t alg); | |
104 | ||
105 | /** | |
106 | * Do a quote signature over a selection of PCR registers | |
107 | * | |
108 | * @param aik_handle object handle of AIK to be used for quote signature | |
109 | * @param pcr_sel selection of PCR registers | |
110 | * @param alg hash algorithm to be used for quote signature | |
111 | * @param data additional data to be hashed into the quote | |
721ed31b AS |
112 | * @param quote_mode define current and legacy TPM quote modes |
113 | * @param quote_info returns various info covered by quote signature | |
114 | * @param quote_sig returns quote signature | |
30d4989a AS |
115 | * @return TRUE if quote signature succeeded |
116 | */ | |
117 | bool (*quote)(tpm_tss_t *this, uint32_t aik_handle, uint32_t pcr_sel, | |
721ed31b AS |
118 | hash_algorithm_t alg, chunk_t data, |
119 | tpm_quote_mode_t *quote_mode, | |
120 | tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig); | |
30d4989a | 121 | |
e8736028 AS |
122 | /** |
123 | * Do a signature over a data hash using a TPM key handle (TPM 2.0 only) | |
124 | * | |
125 | * @param handle object handle of TPM key to be used for signature | |
126 | * @param hierarchy hierarchy the TPM key object is attached to | |
127 | * @param scheme scheme to be used for signature | |
128 | * @param data data to be hashed and signed | |
129 | * @param pin PIN code or empty chunk | |
130 | * @param signature returns signature | |
131 | * @return TRUE if signature succeeded | |
132 | */ | |
133 | bool (*sign)(tpm_tss_t *this, uint32_t hierarchy, uint32_t handle, | |
134 | signature_scheme_t scheme, chunk_t data, chunk_t pin, | |
135 | chunk_t *signature); | |
136 | ||
2b233c8a AS |
137 | /** |
138 | * Get random bytes from the TPM | |
139 | * | |
140 | * @param bytes number of random bytes requested | |
141 | * @param buffer buffer where the random bytes are written into | |
142 | * @return TRUE if random bytes could be delivered | |
143 | */ | |
144 | bool (*get_random)(tpm_tss_t *this, size_t bytes, uint8_t *buffer); | |
145 | ||
e850d000 AS |
146 | /** |
147 | * Get a data blob from TPM NV store using its object handle (TPM 2.0 only) | |
148 | * | |
149 | * @param handle object handle of TPM key to be used for signature | |
150 | * @param hierarchy hierarchy the TPM key object is attached to | |
151 | * @param pin PIN code or empty chunk | |
152 | * @param data returns data blob | |
153 | * @return TRUE if data retrieval succeeded | |
154 | */ | |
155 | bool (*get_data)(tpm_tss_t *this, uint32_t hierarchy, uint32_t handle, | |
156 | chunk_t pin, chunk_t *data); | |
157 | ||
54cdf2cb AS |
158 | /** |
159 | * Permanently load a private key into TPM NV storage (TPM 2.0 only) | |
160 | * | |
161 | * @param handle object handle to be assigned to TPM key | |
162 | * @param hierarchy hierarchy the TPM key object is attached to | |
163 | * @param pin PIN code or empty chunk | |
164 | * @param type private key type | |
165 | * @param encoding private key encoding | |
166 | * @return TRUE if load succeeded | |
167 | */ | |
168 | bool (*load_key)(tpm_tss_t *this, uint32_t hierarchy, uint32_t handle, | |
169 | chunk_t pin, key_type_t type, chunk_t encoding); | |
170 | ||
c08753bd AS |
171 | /** |
172 | * Destroy a tpm_tss_t. | |
173 | */ | |
174 | void (*destroy)(tpm_tss_t *this); | |
175 | }; | |
176 | ||
177 | /** | |
178 | * Create a tpm_tss instance. | |
179 | * | |
180 | * @param version TPM version that must be supported by TSS | |
181 | */ | |
182 | tpm_tss_t *tpm_tss_probe(tpm_version_t version); | |
183 | ||
184 | /** |
185 | * Dummy libtpmtss initialization function needed for integrity test | |
186 | */ | |
187 | void libtpmtss_init(void); | |
188 | ||
c08753bd | 189 | #endif /** TPM_TSS_H_ @}*/ |