// Copyright 2017 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef U2FD_TPM_VENDOR_CMD_H_
#define U2FD_TPM_VENDOR_CMD_H_
#include <cstdint>
#include <string>

#include <base/macros.h>

#include "trunks/trunks_dbus_proxy.h"
namespace u2f {
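// A TPM response code of all zero means success.
// Errors are a little more involved; vendor-defined errors use the TPMv2
// Format-Zero layout:
//
//   Bits 31:12  must be zero
//   Bit  11     S=0  Error
//   Bit  10     T=1  Vendor defined response code
//   Bit  9      r=0  reserved
//   Bit  8      V=1  Conforms to TPMv2 spec
//   Bit  7      F=0  Conforms to Table 14, Format-Zero Response Codes
//   Bits 6:0    num  128 possible failure reasons
//
// With only bits 10 and 8 set, the base vendor error code is 0x500; every
// vendor error is this base OR-ed with a 7-bit failure reason.
constexpr uint32_t kVendorRcErr = 0x00000500;
// Failure reason 0x7f: the command is not implemented on the firmware side.
constexpr uint32_t kVendorRcNoSuchCommand = kVendorRcErr | 0x7f;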
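// TpmVendorCommandProxy sends vendor commands to the TPM security chip
// by using the D-Bus connection to the trunksd daemon which communicates
// with the physical TPM through the kernel driver exposing /dev/tpm0.
//
// Every method below returns the TPM response code: zero on success,
// otherwise an error code (vendor-defined failures follow the kVendorRcErr
// layout declared above). The public methods hand the code back as int,
// while the private VendorCommand helper returns it as uint32_t. Reply
// payloads originate from the security chip and cross a D-Bus hop, so a
// caller should check the length and contents of |*resp_out| and
// |*version_out| before relying on them.
class TpmVendorCommandProxy : public trunks::TrunksDBusProxy {
 public:
  TpmVendorCommandProxy();
  ~TpmVendorCommandProxy() override;

  // Non-copyable, as before: explicitly deleted special members replace the
  // DISALLOW_COPY_AND_ASSIGN macro so the intent is visible without the
  // macro expansion.
  TpmVendorCommandProxy(const TpmVendorCommandProxy&) = delete;
  TpmVendorCommandProxy& operator=(const TpmVendorCommandProxy&) = delete;

  // Sends the VENDOR_CC_U2F_APDU command to the TPM with |req| as the
  // ISO7816-4:2005 APDU data and stores the reply the TPM sends back in
  // |resp_out|. Returns the TPM response code.
  int SendU2fApdu(const std::string& req, std::string* resp_out);

  // Sets the operating mode of the U2F feature in the TPM to |mode|.
  // The set of accepted |mode| values is defined by the firmware and is not
  // visible in this header. Returns the TPM response code.
  int SetU2fVendorMode(uint8_t mode);

  // Reads the TPM firmware's U2F protocol implementation version into
  // |version_out| by sending a U2F_VERSION APDU encapsulated in a TPM
  // vendor command. Returns the TPM response code.
  int GetU2fVersion(std::string* version_out);

 private:
  // Sends the TPM command with vendor-specific command code |cc| and the
  // payload in |input|, storing the reply in |output|. Returns the TPM
  // response code.
  uint32_t VendorCommand(uint16_t cc,
                         const std::string& input,
                         std::string* output);

  // Retrieves the individual attestation certificate from the TPM and
  // records it in the log.
  void LogIndividualCertificate();
};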
} // namespace u2f
#endif // U2FD_TPM_VENDOR_CMD_H_