/**
 * Copyright (C) 2017-2018, U.S. Government
 */
#ifndef HIRS_PROVISIONERTPM2_INCLUDE_COMMANDTPM2_H_
#define HIRS_PROVISIONERTPM2_INCLUDE_COMMANDTPM2_H_

// NOTE(review): the targets of the six #include directives below were lost when
// this page was extracted. Judging from the declarations that follow, the header
// needs at least <string> and <vector> (plus whatever provides uint16_t) and the
// project headers that declare hirs::log::Logger,
// hirs::tpm2_tools_utils::Tpm2ToolsVersion / Tpm2ToolsVersionChecker,
// hirs::pb::IdentityClaim / hirs::pb::DeviceInfo and TPML_PCR_SELECTION.
// Restore them from the original file; do not guess.
#include
#include
#include
#include
#include
#include

namespace hirs {
namespace tpm2 {

/// Asymmetric key algorithm used when creating or looking up an endorsement
/// key (see CommandTpm2::createEndorsementKey and
/// CommandTpm2::getEndorsementCredentialDefault).
enum class AsymmetricKeyType {
    RSA,
    ECC
};

/**
 * Manages the issuing of commands to tpm2-tools executables.
 *
 * Operations are carried out by invoking external tpm2-tools programs (named
 * by the kTpm2Tools*Command constants) rather than by talking to the TPM
 * directly. The tpm2-tools version detected at construction is kept in
 * `version`, presumably so the implementation can adapt its command-line
 * syntax. All string constants declared here are defined out of line in the
 * implementation file; their values are not visible in this header.
 *
 * Because every method ultimately assembles an argument string for an
 * external process, the handle, index and filename parameters below flow into
 * a command line. Callers should pass only the constants declared here or
 * values they have validated themselves.
 */
class CommandTpm2 {
 private:
    static const hirs::log::Logger LOGGER;

    // Upper bound on the attempts made by runTpm2CommandWithRetry()
    // (presumably — the retry loop itself is in the implementation file).
    static const int kMaxRetryCommandAttempts;

    // NV handle under which the AK certificate is kept (see storeAKCertificate()).
    static const char* const kAKCertificateHandle;

    // Names of the tpm2-tools executables invoked by the methods below.
    static const char* const kTpm2ToolsTakeOwnershipCommand;
    static const char* const kTpm2ToolsNvDefineCommand;
    static const char* const kTpm2ToolsNvListCommand;
    static const char* const kTpm2ToolsNvReadCommand;
    static const char* const kTpm2ToolsNvReleaseCommand;
    static const char* const kTpm2ToolsNvWriteCommand;
    static const char* const kTpm2ToolsGetPubAkCommand;
    static const char* const kTpm2ToolsGetPubEkCommand;
    static const char* const kTpm2ToolsListPersistentCommand;
    static const char* const kTpm2ToolsReadPublicCommand;
    static const char* const kTpm2ToolsActivateCredential;
    static const char* const kTpm2ToolsEvictControlCommand;

    // Response code that runTpm2CommandWithRetry() treats as "try again"
    // (presumably; confirm against the implementation).
    static const char* const kTpm2RetryCommandCode;

    // NOTE(review): the name suggests the TPM "well-known" (default)
    // authorization value. If it is what setAuthData() installs for the owner
    // or endorsement hierarchy, any local process that can reach the TPM can
    // authorize against those hierarchies — confirm in the implementation and
    // document the intended deployment assumption.
    static const char* const kWellKnownSecret;

    // Algorithm identifiers passed to tpm2-tools for RSA / ECC key creation.
    static const char* const kRsaAlgorithmId;
    static const char* const kEccAlgorithmId;

    // Default NV attribute value and authorization handle used when defining
    // indices (exact contents live in the implementation file).
    static const char* const kDefaultAttributeValue;
    static const char* const kDefaultOwnerAuthHandle;

    // Default NV handles where the EK and platform credentials are expected.
    static const char* const kDefaultRsaEkCredentialHandle;
    static const char* const kDefaultEccEkCredentialHandle;
    static const char* const kDefaultPlatformCredentialHandle;

    // Default persistent handles for the endorsement and attestation keys.
    static const char* const kDefaultEkHandle;
    static const char* const kDefaultAkHandle;

    // Default on-disk filenames exchanged with the tpm2-tools executables.
    static const char* const kDefaultAkCertFilename;
    static const char* const kDefaultAkNameFilename;
    static const char* const kDefaultAkPubFilename;
    static const char* const kDefaultEkPubFilename;

    // tpm2-tools version this instance was built for; set once by the
    // constructor and never changed.
    const hirs::tpm2_tools_utils::Tpm2ToolsVersion version;

    /// Returns the size of the data stored at NV index `nvIndex`
    /// (presumably in bytes, as reported by the NV list tool).
    uint16_t getNvIndexDataSize(const std::string& nvIndex);

    /// Reads `dataSize` of NV data starting at `beginNvIndex` and returns it
    /// as a string (whether raw bytes or an encoded form is not visible here).
    std::string readNvIndex(const std::string& beginNvIndex,
                            const uint16_t& dataSize);

    /// True if an NV index named `nvIndex` is currently defined on the TPM.
    bool hasNvIndexDefined(const std::string& nvIndex);

    /// Undefines (releases) the NV index `nvIndex`.
    void releaseNvIndex(const std::string& nvIndex);

    /// Builds the argument string for the NV read tool: read `readSize` at
    /// `offset` from `nvIndexValue`. The result is handed to
    /// runTpm2CommandWithRetry(); `nvIndexValue` therefore ends up on an
    /// external command line.
    std::string createNvReadCommandArgs(const std::string& nvIndexValue,
                                        const uint16_t& offset,
                                        const uint16_t& readSize);

    /// Builds the argument string for the NV write tool: write the contents of
    /// `writeFile` to `nvIndexValue`. Same command-line caveat as above,
    /// and `writeFile` is a path the external tool will open.
    std::string createNvWriteCommandArgs(const std::string& nvIndexValue,
                                         const std::string& writeFile);

    /// True if a persistent object exists at `handle`.
    bool hasPersistentObject(const std::string& handle);

    /// Evicts the persistent object at `handle` (via the evict-control tool,
    /// presumably).
    void flushPersistentObject(const std::string& handle);

    /// Writes the public area of the key at `keyHandle` to `filename`.
    void createPublicAreaFile(const std::string& keyHandle,
                              const std::string& filename);

    /// Reads a public area previously written to `filename` and returns it.
    std::string getPublicArea(const std::string& filename);

    /// Runs tpm2-tools executable `command` with argument string `args`,
    /// retrying (bounded by kMaxRetryCommandAttempts, presumably) and returns
    /// the command's output. `sourceCodeLineNumber` is the caller's line,
    /// apparently for diagnostics.
    std::string runTpm2CommandWithRetry(const std::string& command,
                                        const std::string& args,
                                        int sourceCodeLineNumber);

 public:
    // Default filenames used by the identity-activation exchange; public so
    // callers can locate the files written / expected by activateIdentity().
    static const char* const kDefaultIdentityClaimResponseFilename;
    static const char* const kDefaultActivatedIdentityFilename;

    /// Constructs a command issuer for the given tpm2-tools version. By default
    /// the installed version is discovered by calling
    /// Tpm2ToolsVersionChecker::findTpm2ToolsVersion().
    explicit CommandTpm2(
            const hirs::tpm2_tools_utils::Tpm2ToolsVersion& version
                    = hirs::tpm2_tools_utils::Tpm2ToolsVersionChecker
                            ::findTpm2ToolsVersion());

    /// Configures the TPM authorization data used by subsequent commands
    /// (details not visible here; see the note on kWellKnownSecret).
    void setAuthData();

    /// Returns the endorsement credential stored at the default NV handle for
    /// `keyType` (kDefaultRsaEkCredentialHandle / kDefaultEccEkCredentialHandle,
    /// presumably).
    std::string getEndorsementCredentialDefault(
            const AsymmetricKeyType& keyType);

    /// Returns the platform credential stored at the default NV handle.
    std::string getPlatformCredentialDefault();

    /// Returns the credential stored at the NV handle `credentialHandle`.
    std::string getStoredCredential(
            const std::string& credentialHandle);

    /// Creates an endorsement key of the given algorithm (RSA by default).
    void createEndorsementKey(const AsymmetricKeyType& keyType
                                      = AsymmetricKeyType::RSA);

    /// Returns the endorsement key's public area.
    std::string getEndorsementKeyPublicArea();

    /// Creates the attestation key.
    void createAttestationKey();

    /// Returns the attestation key's public area.
    std::string getAttestationKeyPublicArea();

    /// Assembles the identity-claim protobuf sent to the provisioner from the
    /// device info, the AK and EK public areas and the optional credentials.
    /// Both credential parameters default to empty.
    ///
    /// NOTE(review): the template argument of the std::vector parameter was
    /// lost in extraction (presumably std::vector<std::string>, one platform
    /// credential per element) — confirm against the original header.
    hirs::pb::IdentityClaim createIdentityClaim(
            const hirs::pb::DeviceInfo& deviceInfo,
            const std::string& akPublicArea,
            const std::string& ekPublicArea,
            const std::string& endorsementCredential = {},
            const std::vector& platformCredentials = {});

    /// Performs the credential-activation step (kTpm2ToolsActivateCredential)
    /// and returns the result as a string; the files involved are named by
    /// kDefaultIdentityClaimResponseFilename / kDefaultActivatedIdentityFilename
    /// (presumably).
    std::string activateIdentity();

    /// Stores the AK certificate bytes in NV storage (at kAKCertificateHandle,
    /// presumably).
    void storeAKCertificate(const std::string& akCertificateByteString);

    /// Produces a TPM quote using the AK at `akLocation` over the PCRs chosen
    /// by `pcrSelection`. `pcrSelection` is a non-owning pointer; the caller
    /// keeps ownership. Whether nullptr is accepted is not visible here.
    void getQuote(const std::string& akLocation,
                  TPML_PCR_SELECTION* pcrSelection);
};

}  // namespace tpm2
}  // namespace hirs

#endif  // HIRS_PROVISIONERTPM2_INCLUDE_COMMANDTPM2_H_