tpm_utility.h revision 1ef82e4a52abc91d0e8db12500c2da0d8c21f62c
1c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn// Copyright 2014 The Chromium OS Authors. All rights reserved. 2c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn// Use of this source code is governed by a BSD-style license that can be 3c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn// found in the LICENSE file. 4c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn 5c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn#ifndef TRUNKS_TPM_UTILITY_H_ 6c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn#define TRUNKS_TPM_UTILITY_H_ 7c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn 8e31034f28641c9bc3e5576cab6d2c7d918bb427cUtkarsh Sanghi#include <string> 9e31034f28641c9bc3e5576cab6d2c7d918bb427cUtkarsh Sanghi 10c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn#include <base/macros.h> 11c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn#include <chromeos/chromeos_export.h> 12c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn 132ff7e22ba2ef3bb7ce2747b1b9706dd242ef9284Utkarsh Sanghi#include "trunks/authorization_session.h" 14c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn#include "trunks/tpm_generated.h" 15c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn 16c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahnnamespace trunks { 17c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn 1852e2a45f585fbe34032eae5b094a092afdf217caDarren Krahn// These handles will be used by TpmUtility to create storage root keys. 1952e2a45f585fbe34032eae5b094a092afdf217caDarren Krahnconst TPMI_DH_PERSISTENT kRSAStorageRootKey = PERSISTENT_FIRST; 2052e2a45f585fbe34032eae5b094a092afdf217caDarren Krahnconst TPMI_DH_PERSISTENT kECCStorageRootKey = PERSISTENT_FIRST + 1; 212ee32a9d61896f544d87ecee24dc25cc33c9ebb3Utkarsh Sanghiconst TPMI_DH_PERSISTENT kSaltingKey = PERSISTENT_FIRST + 2; 2252e2a45f585fbe34032eae5b094a092afdf217caDarren Krahn 2303d54dfbcbdd04384e8c0419b7c45282664a2c1aDarren Krahn// An interface which provides convenient methods for common TPM operations. 24c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahnclass CHROMEOS_EXPORT TpmUtility { 25c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn public: 2682b03cf80cbe7ab5d5edb2cb46d245721e993a68Utkarsh Sanghi enum AsymmetricKeyUsage { 2782b03cf80cbe7ab5d5edb2cb46d245721e993a68Utkarsh Sanghi kDecryptKey, 2882b03cf80cbe7ab5d5edb2cb46d245721e993a68Utkarsh Sanghi kSignKey, 2982b03cf80cbe7ab5d5edb2cb46d245721e993a68Utkarsh Sanghi kDecryptAndSignKey 3082b03cf80cbe7ab5d5edb2cb46d245721e993a68Utkarsh Sanghi }; 3182b03cf80cbe7ab5d5edb2cb46d245721e993a68Utkarsh Sanghi 32c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn TpmUtility() {} 33c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn virtual ~TpmUtility() {} 34c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn 3503d54dfbcbdd04384e8c0419b7c45282664a2c1aDarren Krahn // Synchronously performs a TPM startup sequence and self tests. Typically 3603d54dfbcbdd04384e8c0419b7c45282664a2c1aDarren Krahn // this is done by the platform firmware. Returns the result of the startup 3703d54dfbcbdd04384e8c0419b7c45282664a2c1aDarren Krahn // and self-tests or, if already started, just the result of the self-tests. 3803d54dfbcbdd04384e8c0419b7c45282664a2c1aDarren Krahn virtual TPM_RC Startup() = 0; 3903d54dfbcbdd04384e8c0419b7c45282664a2c1aDarren Krahn 40d75dcae8a010d1ced7554dd25a440bee350a2d06Utkarsh Sanghi // This method removes all TPM context associated with a specific Owner. 41d75dcae8a010d1ced7554dd25a440bee350a2d06Utkarsh Sanghi // As part of this process, it resets the SPS to a new random value, and 42d75dcae8a010d1ced7554dd25a440bee350a2d06Utkarsh Sanghi // clears ownerAuth, endorsementAuth and lockoutAuth. 43d75dcae8a010d1ced7554dd25a440bee350a2d06Utkarsh Sanghi // NOTE: This method needs to be called before InitializeTPM. 44d75dcae8a010d1ced7554dd25a440bee350a2d06Utkarsh Sanghi virtual TPM_RC Clear() = 0; 45d75dcae8a010d1ced7554dd25a440bee350a2d06Utkarsh Sanghi 46e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi // Synchronously performs a TPM shutdown operation. It should always be 47e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi // successful. 48e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi virtual void Shutdown() = 0; 49e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi 5003d54dfbcbdd04384e8c0419b7c45282664a2c1aDarren Krahn // Synchronously prepares a TPM for use by Chromium OS. Typically this is done 5103d54dfbcbdd04384e8c0419b7c45282664a2c1aDarren Krahn // by the platform firmware and, in that case, this method has no effect. 52c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn virtual TPM_RC InitializeTpm() = 0; 53c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn 542ee32a9d61896f544d87ecee24dc25cc33c9ebb3Utkarsh Sanghi // Synchronously takes ownership of the TPM with the given passwords as 552ee32a9d61896f544d87ecee24dc25cc33c9ebb3Utkarsh Sanghi // authorization values. 562ee32a9d61896f544d87ecee24dc25cc33c9ebb3Utkarsh Sanghi virtual TPM_RC TakeOwnership(const std::string& owner_password, 572ee32a9d61896f544d87ecee24dc25cc33c9ebb3Utkarsh Sanghi const std::string& endorsement_password, 582ee32a9d61896f544d87ecee24dc25cc33c9ebb3Utkarsh Sanghi const std::string& lockout_password) = 0; 592ee32a9d61896f544d87ecee24dc25cc33c9ebb3Utkarsh Sanghi 60e31034f28641c9bc3e5576cab6d2c7d918bb427cUtkarsh Sanghi // Stir the tpm random generation module with some random entropy data. 61e31034f28641c9bc3e5576cab6d2c7d918bb427cUtkarsh Sanghi virtual TPM_RC StirRandom(const std::string& entropy_data) = 0; 62e31034f28641c9bc3e5576cab6d2c7d918bb427cUtkarsh Sanghi 63e31034f28641c9bc3e5576cab6d2c7d918bb427cUtkarsh Sanghi // This method returns |num_bytes| of random data generated by the tpm. 6435af244e7cf856a02e46ec8f186f36c53582757dUtkarsh Sanghi virtual TPM_RC GenerateRandom(size_t num_bytes, std::string* random_data) = 0; 65e31034f28641c9bc3e5576cab6d2c7d918bb427cUtkarsh Sanghi 66579dd8a934c684f2e2a34d9aa2f67953320428acUtkarsh Sanghi // This method extends the pcr specified by |pcr_index| with the SHA256 67579dd8a934c684f2e2a34d9aa2f67953320428acUtkarsh Sanghi // hash of |extend_data|. The exact action performed is 68579dd8a934c684f2e2a34d9aa2f67953320428acUtkarsh Sanghi // TPM2_PCR_Extend(Sha256(extend_data)); 69579dd8a934c684f2e2a34d9aa2f67953320428acUtkarsh Sanghi virtual TPM_RC ExtendPCR(int pcr_index, const std::string& extend_data) = 0; 70579dd8a934c684f2e2a34d9aa2f67953320428acUtkarsh Sanghi 71579dd8a934c684f2e2a34d9aa2f67953320428acUtkarsh Sanghi // This method reads the pcr specified by |pcr_index| and returns its value 72579dd8a934c684f2e2a34d9aa2f67953320428acUtkarsh Sanghi // in |pcr_value|. NOTE: it assumes we are using SHA256 as our hash alg. 73579dd8a934c684f2e2a34d9aa2f67953320428acUtkarsh Sanghi virtual TPM_RC ReadPCR(int pcr_index, std::string* pcr_value) = 0; 74579dd8a934c684f2e2a34d9aa2f67953320428acUtkarsh Sanghi 75b3ba5e0b579a5462c7137cf49b49cc9a78d87944Utkarsh Sanghi // This method performs an encryption operation using a LOADED RSA key 76b3ba5e0b579a5462c7137cf49b49cc9a78d87944Utkarsh Sanghi // referrenced by its handle |key_handle|. The |plaintext| is then encrypted 77b3ba5e0b579a5462c7137cf49b49cc9a78d87944Utkarsh Sanghi // to give us the |ciphertext|. |scheme| refers to the encryption scheme 78748f7d68284813a78b883f9c05988f6de535fc8aUtkarsh Sanghi // to be used. By default keys use OAEP, but can also use TPM_ALG_RSAES. 79b3ba5e0b579a5462c7137cf49b49cc9a78d87944Utkarsh Sanghi virtual TPM_RC AsymmetricEncrypt(TPM_HANDLE key_handle, 80b3ba5e0b579a5462c7137cf49b49cc9a78d87944Utkarsh Sanghi TPM_ALG_ID scheme, 819dc77fecdb2446da134b9b2901173bb4dcf5e5e4Utkarsh Sanghi TPM_ALG_ID hash_alg, 82b3ba5e0b579a5462c7137cf49b49cc9a78d87944Utkarsh Sanghi const std::string& plaintext, 83b3ba5e0b579a5462c7137cf49b49cc9a78d87944Utkarsh Sanghi std::string* ciphertext) = 0; 84b3ba5e0b579a5462c7137cf49b49cc9a78d87944Utkarsh Sanghi 85b3ba5e0b579a5462c7137cf49b49cc9a78d87944Utkarsh Sanghi // This method performs a decyption operating using a loaded RSA key 86b3ba5e0b579a5462c7137cf49b49cc9a78d87944Utkarsh Sanghi // referenced by its handle |key_handle|. The |ciphertext| is then decrypted 871ef82e4a52abc91d0e8db12500c2da0d8c21f62cUtkarsh Sanghi // to give us the |plaintext|. |scheme| refers to the decryption scheme 881ef82e4a52abc91d0e8db12500c2da0d8c21f62cUtkarsh Sanghi // used. By default it is OAEP, but TPM_ALG_RSAES can be specified. 891ef82e4a52abc91d0e8db12500c2da0d8c21f62cUtkarsh Sanghi // |session| is an AuthorizationSession that has been populated with 901ef82e4a52abc91d0e8db12500c2da0d8c21f62cUtkarsh Sanghi // the authorization to use the given |key_handle|. 91b3ba5e0b579a5462c7137cf49b49cc9a78d87944Utkarsh Sanghi virtual TPM_RC AsymmetricDecrypt(TPM_HANDLE key_handle, 92b3ba5e0b579a5462c7137cf49b49cc9a78d87944Utkarsh Sanghi TPM_ALG_ID scheme, 939dc77fecdb2446da134b9b2901173bb4dcf5e5e4Utkarsh Sanghi TPM_ALG_ID hash_alg, 94b3ba5e0b579a5462c7137cf49b49cc9a78d87944Utkarsh Sanghi const std::string& ciphertext, 952ff7e22ba2ef3bb7ce2747b1b9706dd242ef9284Utkarsh Sanghi AuthorizationSession* session, 96b3ba5e0b579a5462c7137cf49b49cc9a78d87944Utkarsh Sanghi std::string* plaintext) = 0; 97b3ba5e0b579a5462c7137cf49b49cc9a78d87944Utkarsh Sanghi 98748f7d68284813a78b883f9c05988f6de535fc8aUtkarsh Sanghi // This method takes an unrestricted signing key referenced by |key_handle| 99887ccbcc4db5fa0b5221018296aa49b86a5ac26fUtkarsh Sanghi // and uses it to sign the hash of |plaintext|. The signature produced is 1001ef82e4a52abc91d0e8db12500c2da0d8c21f62cUtkarsh Sanghi // returned using the |signature| argument. |scheme| is used to specify the 1011ef82e4a52abc91d0e8db12500c2da0d8c21f62cUtkarsh Sanghi // signature scheme used. By default it is TPM_ALG_RSASSA, but TPM_ALG_RSAPPS 1021ef82e4a52abc91d0e8db12500c2da0d8c21f62cUtkarsh Sanghi // can be specified. |hash_alg| is the algorithm used in the signing 1031ef82e4a52abc91d0e8db12500c2da0d8c21f62cUtkarsh Sanghi // operation. It is by default TPM_ALG_SHA256. |session| is an 1041ef82e4a52abc91d0e8db12500c2da0d8c21f62cUtkarsh Sanghi // AuthorizationSession that has been populated with the authorization 1051ef82e4a52abc91d0e8db12500c2da0d8c21f62cUtkarsh Sanghi // to use the given |key_handle|. 106748f7d68284813a78b883f9c05988f6de535fc8aUtkarsh Sanghi virtual TPM_RC Sign(TPM_HANDLE key_handle, 107748f7d68284813a78b883f9c05988f6de535fc8aUtkarsh Sanghi TPM_ALG_ID scheme, 108748f7d68284813a78b883f9c05988f6de535fc8aUtkarsh Sanghi TPM_ALG_ID hash_alg, 109887ccbcc4db5fa0b5221018296aa49b86a5ac26fUtkarsh Sanghi const std::string& plaintext, 1102ff7e22ba2ef3bb7ce2747b1b9706dd242ef9284Utkarsh Sanghi AuthorizationSession* session, 111748f7d68284813a78b883f9c05988f6de535fc8aUtkarsh Sanghi std::string* signature) = 0; 112748f7d68284813a78b883f9c05988f6de535fc8aUtkarsh Sanghi 113887ccbcc4db5fa0b5221018296aa49b86a5ac26fUtkarsh Sanghi // This method verifies that the signature produced on the plaintext was 114748f7d68284813a78b883f9c05988f6de535fc8aUtkarsh Sanghi // performed by |key_handle|. |scheme| and |hash| refer to the signature 115887ccbcc4db5fa0b5221018296aa49b86a5ac26fUtkarsh Sanghi // scheme used to sign the hash of |plaintext| and produce the signature. 116887ccbcc4db5fa0b5221018296aa49b86a5ac26fUtkarsh Sanghi // This value is by default TPM_ALG_RSASSA with TPM_ALG_SHA256 but can take 117887ccbcc4db5fa0b5221018296aa49b86a5ac26fUtkarsh Sanghi // the value of TPM_ALG_RSAPPS with other hash algorithms supported by the 118887ccbcc4db5fa0b5221018296aa49b86a5ac26fUtkarsh Sanghi // tpm. Returns TPM_RC_SUCCESS when the signature is correct. 119748f7d68284813a78b883f9c05988f6de535fc8aUtkarsh Sanghi virtual TPM_RC Verify(TPM_HANDLE key_handle, 120748f7d68284813a78b883f9c05988f6de535fc8aUtkarsh Sanghi TPM_ALG_ID scheme, 121748f7d68284813a78b883f9c05988f6de535fc8aUtkarsh Sanghi TPM_ALG_ID hash_alg, 122887ccbcc4db5fa0b5221018296aa49b86a5ac26fUtkarsh Sanghi const std::string& plaintext, 123748f7d68284813a78b883f9c05988f6de535fc8aUtkarsh Sanghi const std::string& signature) = 0; 124748f7d68284813a78b883f9c05988f6de535fc8aUtkarsh Sanghi 12533ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi // This method is used to change the authorization value associated with a 1261ef82e4a52abc91d0e8db12500c2da0d8c21f62cUtkarsh Sanghi // |key_handle| to |new_password|. |session| is an AuthorizationSession 1271ef82e4a52abc91d0e8db12500c2da0d8c21f62cUtkarsh Sanghi // that is loaded with the old authorization value of |key_handle|. 12833ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi // When |key_blob| is not null, it is populated with the new encrypted key 12933ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi // blob. Note: the key must be unloaded and reloaded to use the 13033ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi // new authorization value. 13133ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi virtual TPM_RC ChangeKeyAuthorizationData(TPM_HANDLE key_handle, 13233ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi const std::string& new_password, 13333ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi AuthorizationSession* session, 13433ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi std::string* key_blob) = 0; 13533ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi 13633ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi // This method imports an external RSA key of |key_type| into the TPM. 13733ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi // |modulus| and |prime_factor| are interpreted as raw bytes in big-endian 13833ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi // order. If the out argument |key_blob| is not null, it is populated with 13933ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi // the imported key, which can then be loaded into the TPM. 14033ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi virtual TPM_RC ImportRSAKey(AsymmetricKeyUsage key_type, 14133ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi const std::string& modulus, 14233ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi uint32_t public_exponent, 14333ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi const std::string& prime_factor, 14433ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi const std::string& password, 14533ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi AuthorizationSession* session, 14633ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi std::string* key_blob) = 0; 14733ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi 14882b03cf80cbe7ab5d5edb2cb46d245721e993a68Utkarsh Sanghi // This method creates an RSA key. It creates a 2048 bit RSA key with 14982b03cf80cbe7ab5d5edb2cb46d245721e993a68Utkarsh Sanghi // public exponent of 0x10001. |key_type| determines whether the key is 15082b03cf80cbe7ab5d5edb2cb46d245721e993a68Utkarsh Sanghi // a signing key, a decryption key, or both. The |password| parameter 15182b03cf80cbe7ab5d5edb2cb46d245721e993a68Utkarsh Sanghi // is used as the authorization for the created key. The created key 1526465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi // is then loaded and its handle is returned as |key_handle|. The out 1536465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi // argument |key_blob| can be used to load the key in the future. 1542ff7e22ba2ef3bb7ce2747b1b9706dd242ef9284Utkarsh Sanghi // |session| is an optional argument pointing to the Authorization session 1552ff7e22ba2ef3bb7ce2747b1b9706dd242ef9284Utkarsh Sanghi // to be used with this command. If it is not specified, we request and 1562ff7e22ba2ef3bb7ce2747b1b9706dd242ef9284Utkarsh Sanghi // initialize a new session. 1576465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi virtual TPM_RC CreateAndLoadRSAKey(AsymmetricKeyUsage key_type, 1586465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi const std::string& password, 1592ff7e22ba2ef3bb7ce2747b1b9706dd242ef9284Utkarsh Sanghi AuthorizationSession* session, 1606465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi TPM_HANDLE* key_handle, 1616465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi std::string* key_blob) = 0; 1626465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi 1636465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi // This method uses the TPM to generates an RSA key of type |key_type|. 1646465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi // |modulus_bits| is used to specify the size of the modulus, and 1656465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi // |public_exponent| specifies the exponent of the key. After this function 1666465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi // terminates, |key_blob| contains a key blob that can be loaded into the TPM. 1672ff7e22ba2ef3bb7ce2747b1b9706dd242ef9284Utkarsh Sanghi // |session| is an optional argument pointing to the Authorization session 1682ff7e22ba2ef3bb7ce2747b1b9706dd242ef9284Utkarsh Sanghi // to be used with this command. If it is not specified, we request and 1692ff7e22ba2ef3bb7ce2747b1b9706dd242ef9284Utkarsh Sanghi // initialize a new session. 1706465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi virtual TPM_RC CreateRSAKeyPair(AsymmetricKeyUsage key_type, 1716465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi int modulus_bits, 1726465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi uint32_t public_exponent, 1736465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi const std::string& password, 1742ff7e22ba2ef3bb7ce2747b1b9706dd242ef9284Utkarsh Sanghi AuthorizationSession* session, 1756465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi std::string* key_blob) = 0; 1766465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi 1776465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi // This method loads a pregenerated TPM key into the TPM. |key_blob| contains 1786465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi // the blob returned by a key creation function. The loaded key's handle is 1796465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi // returned using |key_handle|. 1802ff7e22ba2ef3bb7ce2747b1b9706dd242ef9284Utkarsh Sanghi // |session| is an optional argument pointing to the Authorization session 1812ff7e22ba2ef3bb7ce2747b1b9706dd242ef9284Utkarsh Sanghi // to be used with this command. If it is not specified, we request and 1822ff7e22ba2ef3bb7ce2747b1b9706dd242ef9284Utkarsh Sanghi // initialize a new session. 1836465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi virtual TPM_RC LoadKey(const std::string& key_blob, 1842ff7e22ba2ef3bb7ce2747b1b9706dd242ef9284Utkarsh Sanghi AuthorizationSession* session, 1856465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi TPM_HANDLE* key_handle) = 0; 1866465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi 1876465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi // This function sets |name| to the name of the object referenced by 1886465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi // |handle|. This function only works on Transient and Permanent objects. 1896465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi virtual TPM_RC GetKeyName(TPM_HANDLE handle, std::string* name) = 0; 1906465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi 1916465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi // This function returns the public area of a handle in the tpm. 1926465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi virtual TPM_RC GetKeyPublicArea(TPM_HANDLE handle, 1936465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi TPM2B_PUBLIC* public_data) = 0; 19482b03cf80cbe7ab5d5edb2cb46d245721e993a68Utkarsh Sanghi 19539dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi // This method defines a non-volatile storage area in the TPM, referenced 19639dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi // by |index| of size |num_bytes|. This command needs owner authorization. 19739dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi // By default non-volatile space created is unlocked and anyone can write to 19839dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi // it. The space can be permanently locked for writing by calling the 19939dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi // LockNVSpace method. 20039dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi virtual TPM_RC DefineNVSpace(uint32_t index, 20139dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi size_t num_bytes, 20239dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi AuthorizationSession* session) = 0; 20339dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi 20439dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi // This method destroys the non-volatile space referred to by |index|. 20539dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi // This command needs owner authorization. 20639dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi virtual TPM_RC DestroyNVSpace(uint32_t index, 20739dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi AuthorizationSession* session) = 0; 20839dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi 20939dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi // This method locks the non-volatile space referred to by |index|. After a 21039dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi // non-volatile space has been locked, it cannot be written to. Locked spaces 21139dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi // can still be freely read. 21239dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi virtual TPM_RC LockNVSpace(uint32_t index, AuthorizationSession* session) = 0; 21339dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi 21439dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi // This method writes |nvram_data| to the non-volatile space referenced by 21539dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi // |index|, at |offset| bytes from the start of the non-volatile space. 21639dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi virtual TPM_RC WriteNVSpace(uint32_t index, 21739dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi uint32_t offset, 21839dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi const std::string& nvram_data, 21939dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi AuthorizationSession* session) = 0; 22039dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi 22139dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi // This method reads |num_bytes| of data from the |offset| located at the 22239dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi // non-volatile space defined by |index|. This method returns an error if 22339dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi // |length| + |offset| is larger than the size of the defined non-volatile 22439dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi // space. 22539dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi virtual TPM_RC ReadNVSpace(uint32_t index, 22639dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi uint32_t offset, 22739dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi size_t num_bytes, 22839dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi std::string* nvram_data, 22939dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi AuthorizationSession* session) = 0; 23039dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi 23139dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi // This function sets |name| to the name of the non-volatile space referenced 23239dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi // by |index|. 23339dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi virtual TPM_RC GetNVSpaceName(uint32_t index, std::string* name) = 0; 23439dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi 23539dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi // This function returns the public area of an non-volatile space defined in 23639dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi // the TPM. 23739dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi virtual TPM_RC GetNVSpacePublicArea(uint32_t index, 23839dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi TPMS_NV_PUBLIC* public_data) = 0; 23939dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi 240c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn private: 241c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn DISALLOW_COPY_AND_ASSIGN(TpmUtility); 242c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn}; 243c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn 244c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn} // namespace trunks 245c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn 246c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn#endif // TRUNKS_TPM_UTILITY_H_ 247