mirror of
https://github.com/nsacyber/HIRS.git
synced 2025-01-15 01:10:39 +00:00
146 lines
5.0 KiB
C++
146 lines
5.0 KiB
C++
/**
|
|
* Copyright (C) 2017-2018, U.S. Government
|
|
*/
|
|
#ifndef HIRS_PROVISIONERTPM2_INCLUDE_COMMANDTPM2_H_
|
|
#define HIRS_PROVISIONERTPM2_INCLUDE_COMMANDTPM2_H_
|
|
|
|
#include <Logger.h>
|
|
#include <ProvisionerTpm2.pb.h>
|
|
#include <Tpm2ToolsUtils.h>
|
|
|
|
#include <Tss.h>
|
|
|
|
#include <string>
|
|
#include <vector>
|
|
|
|
namespace hirs {
|
|
namespace tpm2 {
|
|
|
|
enum class AsymmetricKeyType {
|
|
RSA,
|
|
ECC
|
|
};
|
|
|
|
/**
|
|
* Manages the issuing of commands to tpm2-tools executables.
|
|
*/
|
|
class CommandTpm2 {
|
|
private:
|
|
static const hirs::log::Logger LOGGER;
|
|
|
|
static const int kMaxRetryCommandAttempts;
|
|
|
|
static const char* const kAKCertificateHandle;
|
|
static const char* const kTpm2ToolsTakeOwnershipCommand;
|
|
static const char* const kTpm2ToolsNvDefineCommand;
|
|
static const char* const kTpm2ToolsNvListCommand;
|
|
static const char* const kTpm2ToolsNvReadCommand;
|
|
static const char* const kTpm2ToolsNvReleaseCommand;
|
|
static const char* const kTpm2ToolsNvWriteCommand;
|
|
static const char* const kTpm2ToolsGetPubAkCommand;
|
|
static const char* const kTpm2ToolsGetPubEkCommand;
|
|
static const char* const kTpm2ToolsListPersistentCommand;
|
|
static const char* const kTpm2ToolsReadPublicCommand;
|
|
static const char* const kTpm2ToolsActivateCredential;
|
|
static const char* const kTpm2ToolsEvictControlCommand;
|
|
static const char* const kTpm2RetryCommandCode;
|
|
static const char* const kWellKnownSecret;
|
|
static const char* const kRsaAlgorithmId;
|
|
static const char* const kEccAlgorithmId;
|
|
static const char* const kDefaultAttributeValue;
|
|
static const char* const kDefaultOwnerAuthHandle;
|
|
static const char* const kDefaultRsaEkCredentialHandle;
|
|
static const char* const kDefaultEccEkCredentialHandle;
|
|
static const char* const kDefaultPlatformCredentialHandle;
|
|
static const char* const kDefaultEkHandle;
|
|
static const char* const kDefaultAkHandle;
|
|
static const char* const kDefaultAkCertFilename;
|
|
static const char* const kDefaultAkNameFilename;
|
|
static const char* const kDefaultAkPubFilename;
|
|
static const char* const kDefaultEkPubFilename;
|
|
static const char* const kTpm2ToolsGetQuoteCommand;
|
|
static const char* const kTpm2DefaultQuoteFilename;
|
|
static const char* const kTpm2DefaultSigFilename;
|
|
static const char* const kTpm2Sha256SigAlgorithm;
|
|
static const char* const kTpm2ToolsPcrListCommand;
|
|
|
|
const hirs::tpm2_tools_utils::Tpm2ToolsVersion version;
|
|
|
|
uint16_t getNvIndexDataSize(const std::string& nvIndex);
|
|
|
|
std::string readNvIndex(const std::string& beginNvIndex,
|
|
const uint16_t& dataSize);
|
|
|
|
bool hasNvIndexDefined(const std::string& nvIndex);
|
|
|
|
void releaseNvIndex(const std::string& nvIndex);
|
|
|
|
std::string createNvReadCommandArgs(const std::string& nvIndexValue,
|
|
const uint16_t& offset,
|
|
const uint16_t& readSize);
|
|
|
|
std::string createNvWriteCommandArgs(const std::string& nvIndexValue,
|
|
const std::string& writeFile);
|
|
|
|
bool hasPersistentObject(const std::string& handle);
|
|
|
|
void flushPersistentObject(const std::string& handle);
|
|
|
|
void createPublicAreaFile(const std::string& keyHandle,
|
|
const std::string& filename);
|
|
|
|
std::string getPublicArea(const std::string& filename);
|
|
|
|
std::string runTpm2CommandWithRetry(const std::string& command,
|
|
const std::string& args,
|
|
int sourceCodeLineNumber);
|
|
|
|
public:
|
|
static const char* const kDefaultIdentityClaimResponseFilename;
|
|
static const char* const kDefaultActivatedIdentityFilename;
|
|
|
|
explicit CommandTpm2(
|
|
const hirs::tpm2_tools_utils::Tpm2ToolsVersion& version
|
|
= hirs::tpm2_tools_utils::Tpm2ToolsVersionChecker
|
|
::findTpm2ToolsVersion());
|
|
|
|
void setAuthData();
|
|
|
|
std::string getEndorsementCredentialDefault(
|
|
const AsymmetricKeyType& keyType);
|
|
|
|
std::string getPlatformCredentialDefault();
|
|
|
|
std::string getStoredCredential(
|
|
const std::string& credentialHandle);
|
|
|
|
void createEndorsementKey(const AsymmetricKeyType& keyType =
|
|
AsymmetricKeyType::RSA);
|
|
|
|
std::string getEndorsementKeyPublicArea();
|
|
|
|
void createAttestationKey();
|
|
|
|
std::string getAttestationKeyPublicArea();
|
|
|
|
hirs::pb::IdentityClaim createIdentityClaim(
|
|
const hirs::pb::DeviceInfo& deviceInfo,
|
|
const std::string& akPublicArea,
|
|
const std::string& ekPublicArea,
|
|
const std::string& endorsementCredential = {},
|
|
const std::vector<std::string>& platformCredentials = {});
|
|
|
|
std::string activateIdentity();
|
|
|
|
void storeAKCertificate(const std::string& akCertificateByteString);
|
|
|
|
std::string getQuote(const std::string& pcr_selection,
|
|
const std::string& nonce);
|
|
|
|
std::string getPcrList();
|
|
};
|
|
|
|
} // namespace tpm2
|
|
} // namespace hirs
|
|
#endif // HIRS_PROVISIONERTPM2_INCLUDE_COMMANDTPM2_H_
|