/*
 * Copyright (C) 2018 Tobias Brunner
 * Copyright (C) 2016-2018 Andreas Steffen
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup libtpmtss libtpmtss
 *
 * @addtogroup libtpmtss
 * @{
 */

#ifndef TPM_TSS_H_
#define TPM_TSS_H_

#include "tpm_tss_quote_info.h"

#include <library.h>
#include <crypto/hashers/hasher.h>

/* Forward typedefs: tpm_tss_t is needed by the method pointers inside the
 * struct itself (the "this" argument), so both names are declared before
 * their definitions below. */
typedef enum tpm_version_t tpm_version_t;
typedef struct tpm_tss_t tpm_tss_t;

/**
 * TPM Versions
 *
 * Passed to tpm_tss_probe() to state which TPM generation the TSS has to
 * support. The numeric values are fixed explicitly so the enumeration is
 * stable across additions.
 */
enum tpm_version_t {
	/** no constraint on the TPM version */
	TPM_VERSION_ANY = 0,
	/** TPM 1.2 */
	TPM_VERSION_1_2 = 1,
	/** TPM 2.0 */
	TPM_VERSION_2_0 = 2,
};

/**
 * TPM access via TSS public interface
 *
 * Methods marked "(TPM 1.2 only)" or "(TPM 2.0 only)" exist for that TPM
 * generation only; use get_version() to find out which one the probed TSS
 * talks to before relying on them.
 */
struct tpm_tss_t {

	/**
	 * Get TPM version supported by TSS
	 *
	 * @return				TPM version
	 */
	tpm_version_t (*get_version)(tpm_tss_t *this);

	/**
	 * Get TPM version info (TPM 1.2 only)
	 *
	 * @return				TPM version info struct
	 */
	chunk_t (*get_version_info)(tpm_tss_t *this);

	/**
	 * Generate AIK key pair bound to TPM (TPM 1.2 only)
	 *
	 * @param ca_modulus	RSA modulus of CA public key
	 * @param aik_blob		returns AIK private key blob
	 * @param aik_pubkey	returns AIK public key
	 * @param identity_req	returns TPM identity request blob
	 * @return				TRUE if AIK key generation succeeded
	 */
	bool (*generate_aik)(tpm_tss_t *this, chunk_t ca_modulus,
						 chunk_t *aik_blob, chunk_t *aik_pubkey,
						 chunk_t *identity_req);

	/**
	 * Get public key from TPM using its object handle (TPM 2.0 only)
	 *
	 * @param handle		key object handle
	 * @return				public key in PKCS#1 format
	 */
	chunk_t (*get_public)(tpm_tss_t *this, uint32_t handle);

	/**
	 * Return signature schemes supported by the given key (TPM 2.0 only)
	 *
	 * @param handle		key object handle
	 * @return				enumerator over signature_params_t*
	 */
	enumerator_t *(*supported_signature_schemes)(tpm_tss_t *this,
												 uint32_t handle);

	/**
	 * Retrieve the current value of a PCR register in a given PCR bank
	 *
	 * @param pcr_num		PCR number
	 * @param pcr_value		PCR value returned
	 * @param alg			hash algorithm, selects PCR bank (TPM 2.0 only)
	 * @return				TRUE if PCR value retrieval succeeded
	 */
	bool (*read_pcr)(tpm_tss_t *this, uint32_t pcr_num, chunk_t *pcr_value,
					 hash_algorithm_t alg);

	/**
	 * Extend a PCR register in a given PCR bank with a hash value
	 *
	 * @param pcr_num		PCR number
	 * @param pcr_value		extended PCR value returned
	 * @param data			data to be extended into the PCR
	 * @param alg			hash algorithm, selects PCR bank (TPM 2.0 only)
	 * @return				TRUE if PCR extension succeeded
	 */
	bool (*extend_pcr)(tpm_tss_t *this, uint32_t pcr_num, chunk_t *pcr_value,
					   chunk_t data, hash_algorithm_t alg);

	/**
	 * Do a quote signature over a selection of PCR registers
	 *
	 * @param aik_handle	object handle of AIK to be used for quote signature
	 * @param pcr_sel		selection of PCR registers
	 * @param alg			hash algorithm to be used for quote signature
	 * @param data			additional data to be hashed into the quote
	 * @param quote_mode	define current and legacy TPM quote modes
	 * @param quote_info	returns various info covered by quote signature
	 * @param quote_sig		returns quote signature
	 * @return				TRUE if quote signature succeeded
	 */
	bool (*quote)(tpm_tss_t *this, uint32_t aik_handle, uint32_t pcr_sel,
				  hash_algorithm_t alg, chunk_t data,
				  tpm_quote_mode_t *quote_mode,
				  tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig);

	/**
	 * Do a signature over a data hash using a TPM key handle (TPM 2.0 only)
	 *
	 * Parameter order matches the prototype: hierarchy comes before handle.
	 *
	 * @param hierarchy		hierarchy the TPM key object is attached to
	 * @param handle		object handle of TPM key to be used for signature
	 * @param scheme		scheme to be used for signature
	 * @param params		signature scheme parameters (scheme-specific)
	 * @param data			data to be hashed and signed
	 * @param pin			PIN code or empty chunk
	 * @param signature		returns signature
	 * @return				TRUE if signature succeeded
	 */
	bool (*sign)(tpm_tss_t *this, uint32_t hierarchy, uint32_t handle,
				 signature_scheme_t scheme, void *params, chunk_t data,
				 chunk_t pin, chunk_t *signature);

	/**
	 * Get random bytes from the TPM
	 *
	 * @param bytes			number of random bytes requested
	 * @param buffer		caller-provided buffer of at least @p bytes bytes
	 *						where the random bytes are written into
	 * @return				TRUE if random bytes could be delivered
	 */
	bool (*get_random)(tpm_tss_t *this, size_t bytes, uint8_t *buffer);

	/**
	 * Get a data blob from TPM NV store using its object handle (TPM 2.0 only)
	 *
	 * @param hierarchy		hierarchy the NV object is attached to
	 * @param handle		object handle of the NV store entry to read
	 * @param pin			PIN code or empty chunk
	 * @param data			returns data blob
	 * @return				TRUE if data retrieval succeeded
	 */
	bool (*get_data)(tpm_tss_t *this, uint32_t hierarchy, uint32_t handle,
					 chunk_t pin, chunk_t *data);

	/**
	 * Destroy a tpm_tss_t.
	 */
	void (*destroy)(tpm_tss_t *this);
};

/**
 * Create a tpm_tss instance.
 *
 * @param version	TPM version that must be supported by TSS
 *					(TPM_VERSION_ANY to accept either)
 * @return			tpm_tss_t instance on success; presumably NULL when no
 *					TSS for the requested version is available — confirm
 *					against the implementation
 */
tpm_tss_t *tpm_tss_probe(tpm_version_t version);

/**
 * libtpmtss initialization function
 *
 * Call once before tpm_tss_probe(); pair with libtpmtss_deinit().
 *
 * @return					TRUE if initialization was successful
 */
bool libtpmtss_init(void);

/**
 * libtpmtss de-initialization function
 *
 * Counterpart of libtpmtss_init().
 */
void libtpmtss_deinit(void);

#endif /** TPM_TSS_H_ @}*/